On January 3, 2018, the Google Project Zero team reported they had discovered three variants of a hardware bug with important ramifications. You can read their blogpost, Reading privileged memory with a side-channel.
The three variants are:
- Spectre (Variant 1): bounds check bypass - CVE-2017-5753
- Spectre (Variant 2): branch target injection - CVE-2017-5715
- Meltdown (Variant 3): rogue data cache load - CVE-2017-5754
Microsoft and Apple have released updates to help mitigate Meltdown and Spectre vulnerabilities.
Microsoft Windows devices
To help mitigate your Windows devices:
- Update the Malwarebytes for Windows database.
- Open Malwarebytes for Windows.
- Click on Check for Updates to download the latest database update.
Minimum database version required is v1.0.3624.
- Install the latest Microsoft updates for your specific operating system:
- Install the latest updates for your browser.
For more information, refer to Microsoft's article Protect your Windows devices against Spectre and Meltdown.
To help protect your Apple devices, Apple recommends installing the latest version of macOS and Safari.
For more information, refer to Apple's article About speculative execution vulnerabilities in ARM-based and Intel CPUs.