Meltdown and Spectre are critical vulnerabilities in modern processors. These processor vulnerabilities allow programs to steal data that is processed on the computer.
A malicious program can exploit Meltdown and Spectre to get hold of sensitive data stored in the memory of other running programs.This might include your passwords stored in a password manager or browser, your personal photos, emails, instant messages and even business-critical documents.
Meltdown and Spectre work on personal computers, mobile devices, and in the cloud. Depending on the cloud provider’s infrastructure, it might be possible to steal data from other customers.
How to Protect Yourself?
- There are patches for Meltdown on Linux, Windows, and OS X.
- There is also workaround to harden software against future exploitation of Spectre, respectively to patch software after exploitation through Spectre.
You may also find these resources helpful from various security advisories:
- Intel – Security Advisory
- Android – Security Bulletin
- Apple – Update OS to 10.13.2 (and 10.13.3 when it becomes available)
- ARM – Security Update
- AMD – Security Information
- AV Vendors
- Microsoft – Security Guidance
- Amazon – Security Bulletin
- Google – Project Zero Blog
- Linux – LKML
- Mozilla – Security Blog
- Nvidia – Security Forum
- Red Hat –Vulnerability Response
- Debian – Security Tracker
- Ubuntu – Knowledge Base
- SUSE – Vulnerability Response
- LLVM – Spectre (Variant #2) Patch
- CERT – Security Vulnerabilities
- MITRE- CVE-2017-5715 | CVE-2017-5753 | CVE-2017-5754
- VMWare – Security Advisory
- Citrix – Security Bulletin
- Xen – Security Advisory
Other Helpful Meltdown & Spectre Resources