You’ve probably heard about the two major bugs that have been hitting the news recently. Their names are Meltdown and Spectre, and they affect nearly every modern computer processor.
As there’s so much information flying around the internet, it’s easy to not grasp the whole picture, or just have an easy place to direct other people to.
Luckily, Graz University of Technology have created MeltdownAttack.com, which explains both bugs, links to their relevant papers, and then some common questions and answers.
Meltdown and Spectre exploit critical vulnerabilities in modern processors. These hardware bugs allow programs to steal data which is currently processed on the computer. While programs are typically not permitted to read data from other programs, a malicious program can exploit Meltdown and Spectre to get hold of secrets stored in the memory of other running programs. This might include your passwords stored in a password manager or browser, your personal photos, emails, instant messages and even business-critical documents.
Meltdown and Spectre work on personal computers, mobile devices, and in the cloud. Depending on the cloud provider’s infrastructure, it might be possible to steal data from other customers.