Major CPU Design Vulnerability that Affects Millions of Devices

Meltdown is the more serious exploit, and the one that operating systems are rushing to fix. It “breaks the most fundamental isolation between user applications and the operating system,” according to Google. This flaw most strongly affects Intel processors because of the aggressive way they handle speculative execution, though a few ARM cores are also susceptible.

 

Researchers from Google Project Zero, in association with several universities, have discovered a design vulnerability in Intel processors made over the past decade that allows, among other things, ordinary programs to determine the content or layout of protected kernel memory (i.e. areas reserved just for the operating system). While the details appear to be under embargo for now, the fix is to completely separate the kernel memory from those ordinary processes. That could carry a significant speed hit on some devices.

These two major vulnerabilities are being called “Spectre” and “Meltdown”. The “Spectre” exploit allows access to your operating system’s kernel memory because of how the processors handle “speculative execution,” which modern chips perform to increase performance. An attacker can exploit these CPU vulnerabilities to expose extremely sensitive data in the protected kernel memory, including passwords, cryptographic keys, personal photos, emails, or any other data on your PC.

On the other hand we have the “Meltdown” exploit. This is the more serious one, and the one that operating systems are rushing to fix. It “breaks the most fundamental isolation between user applications and the operating system,” according to Google. This flaw most strongly affects Intel processors because of the aggressive way they handle speculative execution, though a few ARM cores are also susceptible. Spectre affects AMD and ARM processors as well as Intel CPUs, which means mobile devices are also at risk. (We have a separate FAQ on how Spectre affects phones and tablets.) There may be no hardware solution to Spectre, which “tricks other applications into accessing arbitrary locations in their memory.” Software needs to be hardened to guard against it.
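To check whether a machine has the kernel-side mitigations discussed above, a Linux kernel that carries the fixes reports its own status under sysfs. The script below is an added example, not part of the original article; it assumes a Linux host, and the function names are illustrative.

```shell
#!/bin/sh
# Report the kernel's own view of Meltdown/Spectre mitigation status (Linux).
# Assumption: the kernel exposes this sysfs directory; older kernels do not.
VULN_DIR=/sys/devices/system/cpu/vulnerabilities

# Map one sysfs status string to a coarse verdict.
classify_status() {
    case "$1" in
        "Not affected"*) echo "not-affected" ;;
        "Mitigation:"*)  echo "mitigated" ;;
        "Vulnerable"*)   echo "vulnerable" ;;
        *)               echo "unknown" ;;
    esac
}

# Print "<issue> TAB <verdict> TAB <raw status>" for each issue under dir $1.
cpu_vuln_report() {
    dir=$1
    for issue in meltdown spectre_v1 spectre_v2; do
        if [ -r "$dir/$issue" ]; then
            status=$(cat "$dir/$issue")
            printf '%s\t%s\t%s\n' "$issue" "$(classify_status "$status")" "$status"
        else
            # A missing file means the kernel does not report on this issue.
            printf '%s\t%s\t%s\n' "$issue" "unknown" "(no sysfs entry)"
        fi
    done
}

# Count issues whose verdict is "vulnerable" or "unknown".
count_unmitigated() {
    cpu_vuln_report "$1" |
        awk -F '\t' '$2 == "vulnerable" || $2 == "unknown" { n++ } END { print n + 0 }'
}

# Run against the live system when the interface is present.
if [ -d "$VULN_DIR" ]; then
    cpu_vuln_report "$VULN_DIR"
fi
```

A verdict of "unknown" usually means the kernel is too old to report its status, so it should be treated as unpatched until an update is applied.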

How much of a slowdown you see depends on the processor and the task in question. The biggest blows are expected to come to virtualization systems like Amazon’s EC2 or Google Compute Engine. Whether this affects everyday tasks like gaming or web browsing is another matter: more tests remain to be performed, but most say the impact won’t be significant.

Initial reports pointed to Intel alone as the source of the hardware flaws. However, this turned out to be incorrect. In this regard, Intel released a news article on the 3rd of January 2018 responding to those accusations and stating that: “Recent reports that these exploits are caused by a “bug” or a “flaw” and are unique to Intel products are incorrect. Based on the analysis to date, many types of computing devices — with many different vendors’ processors and operating systems — are susceptible to these exploits.” You can read the full article HERE.

For more information about these two exploits, please visit the official website: https://meltdownattack.com/