skip to Main Content
This website use cookies which are necessary to its functioning and required to achieve the purposes illustrated in the privacy policy. To learn more or withdraw consent please click on Learn More. By continued use of this website you are consenting to our use of cookies.

Spectre & Meltdown: Quick Fact Sheet

Several recently-published research articles have demonstrated a new class of timing attacks (Meltdown and Spectre) that work on modern CPUs. Variants of this issue are known to affect many modern processors, including certain processors by Intel, AMD and ARM. For a few Intel and AMD CPU models, Google’s Project Zero has provided exploits that work against real software.

So far, there are three known variants of the issue:

To exploit the issue on an unpatched system, an attacker would only need to be able to execute code. This means that shared (cloud) systems are particularly vulnerable, and Mozilla confirmed that it is possible to use similar techniques from Web content to read private information between different origins, so it could be exploited on a vulnerable browser simply by visiting an attacker-controlled site.

More Detail:

Original papers:

Mitigating the issue

Given the seriousness of this issue, the collective response from vendors has been outstanding. Here’s a look at our current status:

Cloud Providers
Operating System Vendors
Antivirus Vendors

Individual Antivirus Vendor responses can be found here. (Thanks @gossithedog!)

Browser Vendors

This documents details a current security event affecting many modern microprocessor designs. Information may change rapidly as the event progresses, and more info or commands added here soon.

This blog first appeared on Jonathan Cran’s blog.


Casey Ellis

Executive Chairman, Founder and CTO of Bugcrowd.

Back To Top