Happy New Year,
As the relentless passage of time continues so do the reports of new security vulnerabilities. This time it is the turn of Intel (bing bong bong bong) based CPUs with Meltdown. And the Spector vulnerability for pretty much every system including smartphones.
What now ?!
An extremely serious flow in the design of Intel CPU’s allows an attacker to access memory on the system. More technical details on the Meltdown flaw here. Spectre is much more serious as it is harder to mitigate and defend against as most systems will be affected. Thankfully it is also harder to exploit, this is not to say that it will stay that way for long. More technical details on Spectre here.
Whats the risk ?
If your system is affected, the exploits can read the memory content of your computer. This may include passwords and sensitive data stored on the system. This includes desktops, laptops, servers, smartphones, also virtualised systems.
What can we do ?
For the Meltdown flaw there are already patches from the major operating system providers incoming. Keep an eye out for them in the coming days.
For Spectre this one is so fundamental it may not be patched by vendors for sometime. Expect updates to trickle out slowly.
There is more information on the official Meltdown & Spectre website.
Microsoft have some mitigation steps to follow here