The Meltdown and Spectre are serious vulnerabilities and have wide reaching impact. They affect nearly every computer and device running current processor. Big vendors are affected including Microsoft, Apple MacOS, Google Android, ChromeOS as they all either run on Intel or ARM. The loopholes existed for years. The flaws take advantage of loopholes that exist in most of modern processors versions too.
They call it Meltdown and Spectre. As these flaws go these days -perhaps famously ever since Heartbleet, they come with their custome logoes too.
These two exploits were nicknames on how each affects the system; One melting down the secure delimitation between the OS and user applications running on top of it. The other, Spectre breaks isolation between different applications. Spectre flaws results an App with a bad intention could steal secrets from other Apps running on your phone: A process is stealing data from adjacently running process because they both share common platform. This is why Cloud Service providers are worst affected because they run or host numerous customers data or applications on the same hardware.
These are not software level vulnerabilities but information disclosure vulnerabilities just like Heartbleed. Especially they are hardware vulnerabilities. The flaws are to do with the design of the microprocessor’s operation.
The reason why these is so critical is because they affect millions of computers. Specifically the flaw grant complete access to protected memory. Applications do not allow other application’s process to read or access its protected memory space. This breaks that protections and could therefore read area of computer memory it should not have access to. In essence the vulnerability thought not seen exploited in the wild, could allow an attacker to read secrets like password, or anything contained in that memory on the exploited computer.
The exploit were released ahead of their intended time and this resulted everyone scrambling to push something out sooner rather than later.
1. Endure that your Anti-Virus vendor has updated their application and you have their lates update.
2. Updates to the latest Windows update and particularly make sure this include the January 2018.
3. Apply the microprocessor firmware release by your particular maker.
Users can do little other than updating their system.