Meltdown and Spectre exploit critical vulnerabilities in modern processors. These hardware bugs allow programs to steal data which is currently processed on the computer. Malicious programs can exploit Meltdown and Spectre to get hold of secrets stored in the memory of other running programs obtaining passwords, logon details and what was once thought to be secured information.
Meltdown and Spectre work on personal computers, mobile devices, and in the Cloud – AWS, Azure, and other 3rd party Cloud / IaaS Providers.
Meltdown breaks the most fundamental isolation between user applications and the operating system. This attack allows a program to access the memory, and thus also the secrets, of other programs and the operating system. If your computer has a vulnerable processor and runs an un-patched operating system, it is not safe to work with sensitive information without the chance of leaking the information. This applies both to personal computers as well as cloud infrastructure.
Spectre breaks the isolation between different applications. It allows an attacker to trick error-free programs, which follow best practices, into leaking their secrets. In fact, the safety checks of said best practices actually increase the attack surface and may make applications more susceptible to Spectre.
Vendor recommendations:
Information on the vulnerabilities:
Current known list of affected vendors and their respective advisories and/or patch announcements below