This week passed mostly with discovery of two new CPU vulnerabilities called Meltdown and Spectre.
Here is TLDR version:
- Researches from Google's project zero and couple of universities around the
world found two exploits in current CPUs and called them Meltdown and
- Meltdown affects only Intel CPUs.
- Spectre affects all chips (Intel, AMD, ARM).
- There are security patches for Meltdown. They can affect computer performance
from 0% to 30%. The slow down depends on the task and the processor model.
Fortunately the impact for "normal" users should be minimal, but if you run
server you might not be that lucky.
- There is no one magical fix that can protect users from Spectre.
- Definitely, in the future, there will be multiple patches that will try to
fix different aspects of this exploit.
- Don't panic! All you need to do is to update your operating system. All major
systems already prepared patches.
Here is the list of links for those who want to know more.
Site dedicated to those exploits
Meltdown academic paper
Spectre academic paper
Google Project Zero Technical explanation
Simple explanation of the Meltdown bug
Intel's statement and whitepaper
List of affected CPUs
Benchmarks showing how meltdown fix is slowing down CPUs
How meltdown fix affected Epic's Fortnite servers
ARM's statement and whitepaper
Why Raspberry PI isn't vulnerable to Spectre or Meltdown
Funny parody of Intel's stickers
Image credits: Meltdown Attack.