Cyber security researchers have recently identified a set of industry-wide security vulnerabilities in the Central Processing Units (CPUs) of most computing systems related to an anomaly in the CPU hardware itself. These vulnerabilities, Meltdown (CVE-2017-5754) and Spectre (CVE-2017-5753 & CVE-2017-5715) exploit the design of the CPU optimisation functions potentially allowing an attacker to steal data which is currently processed on the computer.
While applications are typically not permitted to read data from other programs, a malicious attacker could exploit Meltdown and/or Spectre to gain secrets stored in the memory of other running programs. This may include passwords, cryptographic keys, personally identifiable information, photos, emails, etc. While the vulnerabilities are significant, and proof of concept exploit code has been released, no known exploits have yet been found in the wild.
