Google’s Project Zero security team just announced two serious security vulnerabilities called Meltdown and Spectre. These vulnerabilities are particularly serious because they occur in the CPU chip’s architectures so it affects any software running on most Intel CPUs manufactured from 1995 to today. If you have a device or computer with an Intel processor that implements “out-of-order” execution, as most CPUs in use today do, it is vulnerable to attacks.
The problem lies in the CPU chips rather than the software. CPUs manufactured in the future will contain design changes to eliminate the vulnerabilities but of course that does not help with current devices. Fortunately, it appears that operating system and browser makers can release patches that will limit the exposure. You will want to install those updates as soon as they are available.
The security folks at Defiant have a blog post with details on the Meltdown and Spectre vulnerabilities. You can read it here.
Posted by Dave Feltz, Software Applications Consultant