Independent researchers separately discovered and named these vulnerabilities "Spectre" and "Meltdown".
"Meltdown" reportedly affects Intel chips only and could allow hackers to bypass the hardware barrier between applications run by users and the computer's memory, potentially letting hackers read a computer's memory and steal passwords.
Apple has yet to issue a statement about its Safari browser, so the best immediate step you can take is to make sure that you are using a secure version of Chrome or Firefox until an OS-level update comes out for your system.
The CERT division of the Software Engineering Institute at Carnegie Mellon University published a notice Jan. 3 initially recommending replacement of the affected CPU hardware as the only way to fully protect devices against the vulnerabilities. If Intel is right, it will have closed a major security flaw in its processors.
Receive our Daily Dispatch and Editors' Picks newsletters. Apple Watch is not affected by Meltdown.
Thankfully, for those with an 'Intel inside' there's a patch that can mitigate the problems. Microsoft issued a security update yesterday and, generally, Windows 10 will automatically download necessary security updates and install them for you.
The lack of diversity in the computing business turns such vulnerabilities into a systemic problem. Bearing in mind the number of chips with the flaw, the chances that your computer has a vulnerability are very high.
Intel denied that "a 'bug' or a 'flaw'" in its products was the root cause of the issue - as had been earlier suspected - arguing instead that its products, and the devices they were incorporated into, were simply "operating as designed". Meltdown affects computers that use Intel chips, while Spectre affects computers and smartphones built on Advanced Micro Devices (AMD) and ARM processors. They then got wind of Amazon working on an implementation and became more suspicious.
Apple did not comment on whether its iOS operating system, which also powers iPhones and iPads, was at risk. Solutions exist that introduce minimal performance impact, and expect such techniques will be adopted by software vendors over time.
The Meltdown bug concerns laptops, desktop computers and internet servers that have Intel chips. Spectre represents a broader range of more complex and sophisticated attacks that could work on virtually all processors and may be impossible to completely protect against in software alone. "It's good design and if you have a good design for something, it will protect you".
There are many conflicting reports about patch impacts being publicly discussed. At the end of November Brian Krzanich, Intel's chief executive, sold half his shares for $14m, which left him with the minimum holding required by Intel.
A major security flaw has surfaced that's thought to affect all Intel microprocessors since at least 2011, some ARM processors and, according to Intel, perhaps those of others.
"The exploitation does not leave any traces in traditional log files", the researchers write.
In many respects, public cloud users are better-protected from security vulnerabilities that are users of traditional datacenter-hosted applications.
Intel said it was working with its rivals AMD and ARM "to develop an industry-wide approach to resolve this issue promptly and constructively". But all that also promotes brittleness and fragility.