Re: Shysters at work.
In this case, Apple is both the "chip house" and OS vendor.
In the case of Intel CPUs, the flaw is mitigated in software, so Intel depends on Microsoft, Red Hat, Apple and others who sell products incorporating Intel CPUs to make the fixes.
Google 'Intel errata' and you'll find that every CPU Intel has ever sold has a lengthy list of flaws. Most aren't security issues, are corner cases and so forth, but those that can be fixed (and not all can; others are just listed as "here's a bug you have to accept if you buy a Skylake") are all fixed in software. Whether that's a microcode update that is delivered in firmware or a patch, or by an OS workaround, or (in more cases than you'd think) by compilers working around it, Intel can't guarantee the fix since they don't control the software environment of their CPUs.
Now Google "Apple errata" or "Samsung errata" and you'll find nothing, because Apple and Samsung don't release errata information for their SoCs. And why should they, when they don't sell them on the open market to end users? But you can be sure both do have plenty of errata, because you can't build devices with billions of transistors without having plenty of bugs in your design.