Meltdown and Spectre
Meltdown and Spectre are bugs in computers leak passwords and sensitive data. It exploit critical vulnerabilities in modern processors. These hardware bugs allow programs to steal data which is currently processed on the computer. While programs are typically not permitted to read data from other programs, a malicious program can exploit Meltdown and Spectre to get hold of secrets stored in the memory of other running programs. This might include your passwords stored in a password manager or browser, your personal photos, emails, instant messages and even business-critical documents.
Meltdown and Spectre work on personal computers, mobile devices, and in the cloud. Depending on the cloud provider’s infrastructure, it might be possible to steal data from other customers.
Meltdown breaks the most fundamental isolation between user applications and the operating system. This attack allows a program to access the memory, and thus also the secrets, of other programs and the operating system.
Spectre breaks the isolation between different applications. It allows an attacker to trick error-free programs, which follow best practices, into leaking their secrets. In fact, the safety checks of said best practices actually increase the attack surface and may make applications more susceptible to Spectre.
Check if your machine is affected:
$ cat /proc/cpuinfo | grep bugs
If it shows cpu_insecure, you need to patch it.
You can patch it by upgrading the kernel packages
$ sudo apt-get update
$ sudo apt-get upgrade
$ sudo init 6
If you’re using Amazon Linux
$ sudo yum update kernel