Computer Processor Vulnerabilities (Meltdown and Spectre)
Security researchers have identified hardware vulnerabilities that affect most computer processor chips, including those made by Intel, AMD, and ARM. The vulnerabilities, known as Meltdown or Spectre, could allow specially scripted programs to access information stored in your computer’s memory, including information being processed by other programs.
Meltdown and Spectre work by bypassing safeguards built into computer chips that were intended to prevent programs from reading protected data in other areas of a computer. By exploiting these vulnerabilities, a malicious program could access data from other programs or from the computer’s central processing unit.
Software and hardware companies, including Microsoft, Apple, Google, cloud service providers, and processor manufacturers, are developing fixes to address these vulnerabilities. ITS recommends that you always install any available security patches for your operating system, software, and firmware as soon as they are available.
(Note that there are reports that some fixes for the Meltdown and Spectre vulnerabilities may impact system performance, particularly in systems performing large amounts of system calls, such as databases or backup servers. Typical users, however, should see little impact.)
For more information about Meltdown and Spectre, as well as links to information on available security patches, see https://meltdownattack.com or the US Computer Emergency Readiness Team (CERT) vulnerability page at www.us-cert.gov/ncas/alerts/TA18-004A.