Friday, January 5, 2018
Two new Security Vulnerabilities affect every Computer and Phone manufactured since 1995.
Two new vulnerabilities, "Meltdown" and "Spectre", can let an attacker access whatever data is in an affected device's memory. Meltdown can access sensitive data and files by melting down security boundaries typically enforced by the hardware. The Spectre exploit tricks apps into leaking secrets.
Though there have been no known exploits at this time, you can believe that the bad guys are already looking at ways to exploit these new flaws. There are many innocent websites that have been unwittingly compromised with malicious code that is downloaded and executed when a page is visited.
In a worst-case scenario, a low-privileged user on a vulnerable computer could run JavaScript code on an ordinary-looking web page, which could then gain access to the contents of protected memory.
http://www.zdnet.com/article/security-flaws-affect-every-intel-chip-since-1995-arm-processors-vulnerable/?loc=newsletter_large_thumb_featured&ftag=TRE-03-10aaa6b&bhid=27630927001468733386426006914379
The vulnerabilities were discovered by Google's Project Zero team.
Last year, Google’s Project Zero team discovered serious security flaws caused by “speculative execution,” a technique used by most modern processors (CPUs) to optimize performance.
The Project Zero researcher, Jann Horn, demonstrated that malicious actors could take advantage of speculative execution to read system memory that should have been inaccessible. For example, an unauthorized party may read sensitive information in the system’s memory such as passwords, encryption keys, or sensitive information open in applications. Testing also showed that an attack running on one virtual machine was able to access the physical memory of the host machine, and through that, gain read-access to the memory of a different virtual machine on the same host.
These vulnerabilities affect many CPUs, including those from AMD, ARM, and Intel, as well as the devices and operating systems running on them.
https://security.googleblog.com/2018/01/todays-cpu-vulnerability-what-you-need.html
Meltdown and Spectre: Here’s what Intel, Apple, Microsoft, others are doing about it
https://arstechnica.com/gadgets/2018/01/meltdown-and-spectre-heres-what-intel-apple-microsoft-others-are-doing-about-it/
http://www.eweek.com/security/microsoft-delivers-emergency-windows-10-patch-for-meltdown-cpu-bug
Apple responds to Intel, ARM chip flaws: All Macs and iOS devices are vulnerable, but don’t panic
http://bgr.com/2018/01/05/apple-security-chip-flaws-iphone-ipad-all-macs/
Microsoft issues patch for Meltdown and Spectre Vulnerabilities
Microsoft has already issued an emergency patch for Windows 10 users. It can be downloaded and installed directly from the following link:
https://support.microsoft.com/en-us/help/4056892/windows-10-update-kb4056892
Some AVs may block you from installing the patch. If you are having difficulty, check the following article.
Windows Meltdown-Spectre fix: How to check if your AV is blocking Microsoft patch
Antivirus firms play patch catch-up, as Microsoft releases Meltdown firmware updates for Surface devices.
http://www.zdnet.com/article/windows-meltdown-spectre-fix-how-to-check-if-your-av-is-blocking-microsoft-patch/?loc=newsletter_large_thumb_featured&ftag=TRE-03-10aaa6b&bhid=27630927001468733386426006914379