Researchers have discovered two severe vulnerability in processors named Meltdown (CVE-2017-5754)  and Spectre  (CVE-2017-5753 and CVE-2017-5715) which affects almost every processor since 1995
Researchers have discovered two severe vulnerability in processors named Meltdown (CVE-2017-5754)  and Spectre  (CVE-2017-5753 and CVE-2017-5715) which affects almost every processor since 1995.The flaw could allow programs to steal data which is currently processed on the computer.The details of vulnerability were disclosed by Jann Horn, a security researcher with Google Project Zero and said that vulnerability affects almost all CPUs including Intel, AMD, and ARM.MELTDOWN VULNERABILITY“Meltdown breaks the most fundamental isolation between user applications and the operating system. This attack allows a program to access the memory, and thus also the secrets, of other programs and the operating system” described in the post published by Google.It uses speculative execution to break the isolation between the OS and user applications which allows any application at access all the system memory.Meltdown vulnerability affects almost all laptops, desktops, and cloud computers.SPECTRE VULNERABILITY“Spectre breaks the isolation between different applications. It allows an attacker to trick error-free programs, which follow best practices, into leaking their secrets. In fact, the safety checks of said best practices actually increase the attack surface and may make applications more susceptible to Spectre”  described in the post published by Google.Spectre vulnerability is harder to exploit than Meltdown vulnerability, but it is also harder to mitigate.It breaks the isolation between different applications and tricks applications to accidentally disclose data which are normally inaccessible and safe inside their protected area.Most OS makers have already released patches for the vulnerability. Apple fixed the vulnerability in the macOS High Sierra 10.13.2 released last month.Google has released patches as part of their of Android January security patch update. Microsoft has released a patch for Windows 10 and other versions it is scheduled to release on January 9, 2018, as part of their patch Tuesday update.For more details, you can visit the academic paper released on Meltdown and Spectre vulnerability