Meltdown and Spectre exploit hardware vulnerabilities in modern processors. These hardware vulnerabilities allow programs to steal data which is currently processed on the computer.
Meltdown: Can be used to read sandboxed private kernel memory from an unprivileged user process. Spectre: Can be used to extract info from other running processes
Meltdown and Spectre can be used to steal data that is processed on a computer.
- You are affected if you have an Intel processor released since 1995 with the exception of Itanium and pre-2013 Atoms. A list of vulnerable ARM processors and mitigations is listed https://developer.arm.com/support/security-update. No AMD processors were affected.
- The operating system is responsible for process management and access privileges:
- You could be affected to a degree if you are running Intel, ARM, or AMD processors.
- This post has the specifics https://www.theregister.co.uk/2018/01/04/intel_amd_arm_cpu_vulnerability/
- One of the more prominent exploits could be stealing login cookies from your browser:
- In order to mitigate any risk exposed by this exploit, update your operating system by downloading all recent updates:
- If you are running Windows Server, supposedly you need to enable “kernel-user space splitting” after the updates are installed.
- All major browser vendors have issued patches already update your browsers:
Ensure you are running the version of your operating system, and the latest version of your web browser.