What are Meltdown and Spectre, and what is the difference between the two?
“Meltdown and Spectre exploit critical vulnerabilities in modern processors. These hardware vulnerabilities allow programs to steal data which is currently processed on the computer. While programs are typically not permitted to read data from other programs, a malicious program can exploit Meltdown and Spectre to get hold of secrets stored in the memory of other running programs. This might include your passwords stored in a password manager or browser, your personal photos, emails, instant messages and even business-critical documents.”
Meltdown and Spectre (or “SpecDown”) are both flaws that permit an application to read privileged memory; the difference is that Meltdown can be exploited from a program and Spectre can be exploited by other programs. Think of Meltdown as the sword and Spectre as the gap in the armour; Meltdown will be (or has been) used to target software which, owing to its design, is vulnerable to Spectre.
Who is affected by these exploits?
Both bugs are found at the hardware-level within the processor. Intel’s chips are the most widely vulnerable; however, devices carrying AMD and ARM chips are susceptible too, along with Apple’s A-series of chips. While a list of every affected chip is not immediately available, reports are available indicating that Intel’s design flaw dates back to 1995.
Every OS is affected. Linux’s KPTI (formerly KAISER) has been updated to mitigate the attacks; macOS has been hardened as part of its 10.13.2 and Windows has had a series of patches earmarked as “2018-01” released.
How can I deal with this?
In short – check with your operating system vendor – Linux, Microsoft, or Apple and be sure you have applied all system patches.