It has been confirmed that a newly discovered flaws in Intel Processors at the hardware level could allow programs to steal data from running applications. In a typical case, programs are not allowed to read data from other programs. However a malware exploiting these new vulnerabilities can get data from the memory of currently running programs. This includes confidential information such as business-critical documents, passwords, login details, encryption keys, etc. The vulnerabilities have been named Meltdown (CVE-2017-5754) and Spectre (CVE-2017-5753 and CVE-2017-5715).
The 2 differ as follows in the way they perform; Meltdown breaks the mechanism that keeps applications from accessing arbitrary system memory. Consequently, applications can access system memory. Spectre tricks other applications into accessing arbitrary locations in their memory. Both attacks use side channels to obtain the information from the accessed memory location.
According to the research papers published by researchers, a javascript program running in a web browser could perform this exploit as well.
It should be noted that Cloud providers which use Intel CPUs and as virtualization without having patches applied and hypervisor systems, such VM Hosting Servers that rely on containers that share one kernel will be particularly affected by both vulnerabilities.
Note that unlike typical malware exploits that can leave traces in log files, Meltdown and Spectre does not leave any trace, making it more difficult to determine if a system is already infected.
Patches are being deployed/built for all major Operating Systems by their respective developers. This includes Linux, Windows and OS X. Please follow following link to obtain security patch updates and mitigation.
Do note however that these patches have been reported to degrade system performance by a notable percentage, although it would be more advisable to secure your system than leave it vulnerable.
