What it is:
Back in June of 2017, researchers at Google Project Zero and a few other academic institutions and security firms discovered two vulnerabilities that have been codenamed Meltdown and Spectre. Both are fundamental flaws in the design of the processors that power almost all modern computers, tablets, and smart phones. These vulnerabilities can be exploited to access the entire memory contents of an affected system. This would allow someone to steal passwords, encryption keys, and other sensitive data that is normally only accessible to the operating system.
What it affects:
Because of the low-level nature of these vulnerabilities, the list of affected devices is extremely widespread. Any device with a processor chip from Intel, AMD, or ARM since 1995 is affected by one or both of these vulnerabilities. Apple has already come out and said that all iOS and Mac OS devices are affected. A majority of Android devices are also vulnerable. Every Windows computer is vulnerable in some way as well. Additionally, all vulnerable systems can potentially be exploited through most web browsers.
What you can do:
While there aren’t currently any known attacks exploiting these vulnerabilities out in the wild, proof of concept has been demonstrated and this should be treated seriously. The most important thing you can do is keep your devices up to date. Operating system updates are already being pushed out by all major vendors as of early January. It is also important to keep antivirus software up to date as the operating system updates cannot go through if the antivirus software hasn’t been updated for compatibility. It is also critically important to employ safe email and web browsing habits. Extra caution needs to be taken when clicking on links and visiting websites because these flaws can be exploited through the framework that powers most websites on the internet.
By Brian Croft (Element Staff Engineer)