ngCERT-2018-0010: Advisory on Meltdown and Spectre Vulnerabilities
Systems with microprocessors utilizing speculative execution and indirect branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis of the data cache. The two vulnerabilities differ in behaviour: Meltdown breaks the mechanism that keeps applications from accessing arbitrary system memory, which means that applications can access system memory. Spectre, on the other hand, tricks other applications into accessing arbitrary locations in their memory. Both attacks use side channels to obtain the information from the accessed memory location.
In a nutshell, these attacks are possible only because the normal privilege-checking behaviour within the processor is compromised through the interaction of features like speculative execution, branch prediction, out-of-order execution and caching. Presently, it is still difficult to detect an attack on a system because the exploitation does not leave traces in traditional log files. Consequently, information such as passwords stored in a password manager or browser, personal photos, emails, instant messages, and even official or business-critical documents is at risk if the Meltdown and Spectre vulnerabilities are successfully exploited.
Meltdown and Spectre affect the majority of modern processors. Although chipmakers and software designers have made patches available, full protection against this class of vulnerability will likely require changes in CPU design by manufacturers, especially for Spectre. In the interim, software updates can provide mitigation against exploits by disabling or working around some of the optimized behaviour that leads to these vulnerabilities. It is therefore advisable that individuals and administrators regularly update their devices in line with best practices.
Note: Every type of impacted hardware and software requires its own specifically tailored solution, and even a fix that works as intended may slow down system processes as a side effect, because these mitigation patches affect the optimization routines within the processor.
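To confirm that the software updates recommended above have actually taken effect on a Linux host, the kernel's own mitigation report can be read and classified. This is an added example, not part of the ngCERT advisory; it assumes a Linux kernel that exposes /sys/devices/system/cpu/vulnerabilities, and the SAMPLE values are constructed for illustration.

```python
"""Report Meltdown/Spectre mitigation status from the Linux kernel's sysfs files."""
from pathlib import Path

SYSFS_DIR = Path("/sys/devices/system/cpu/vulnerabilities")
# Kernel file names for the issues this advisory covers.
ISSUES = {"meltdown": "Meltdown", "spectre_v1": "Spectre variant 1",
          "spectre_v2": "Spectre variant 2"}


def classify(status):
    """Map a kernel status string to one of four states."""
    text = status.strip()
    if text.startswith("Not affected"):
        return "not_affected"
    if text.startswith("Mitigation:"):
        return "mitigated"
    if text.startswith("Vulnerable"):
        return "vulnerable"
    return "unknown"


def read_status(base=SYSFS_DIR):
    """Return {file_name: raw status, or None when the kernel does not report it}."""
    result = {}
    for name in ISSUES:
        try:
            result[name] = (Path(base) / name).read_text().strip()
        except OSError:
            result[name] = None  # kernel predates the interface, or not Linux
    return result


def needs_update(statuses):
    """List issues that are vulnerable, unrecognised or unreported."""
    return sorted(name for name, raw in statuses.items()
                  if raw is None or classify(raw) in ("vulnerable", "unknown"))


# Constructed sample values in the form the kernel writes them.
SAMPLE = {"meltdown": "Mitigation: PTI",
          "spectre_v1": "Mitigation: __user pointer sanitization",
          "spectre_v2": "Vulnerable"}

if __name__ == "__main__":
    live = read_status()
    for name, label in ISSUES.items():
        raw = live[name]
        state = "unreported" if raw is None else classify(raw)
        print(f"{label:18} {state:12} {raw or '(no sysfs entry)'}")
    print("needs attention:", ", ".join(needs_update(live)) or "none")
```

A missing file is treated as needing attention because a kernel too old to report its status is also too old to carry the patches.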