These hardware bugs allow programs to steal data that is currently being processed on the computer. This might include your passwords stored in a password manager or browser, your personal photos, emails, instant messages and even business-critical documents. By Wednesday, Google and Microsoft said they had updated their systems to deal with the flaw. Updates and patches to fix Meltdown are being rolled out and will likely slow systems.
Here's a look at what's affected, what's being done about it and whether you should worry.
"Processor slowdowns trickle down from data centers to everyone using the internet", said Bryce Boland, chief technology officer for Asia at cybersecurity firm FireEye.
In a statement Thursday, Arm said that the majority of its processors are not affected by Spectre or Meltdown but confirmed that it has been working with Intel, AMD and other partners to develop defenses against the vulnerabilities.
However, Intel's stock is up 0.63% to $44.71 on Friday after the company said it has found a fix to the previously unfixable problem. Lawyers filed a lawsuit in San Jose, California, federal court on Wednesday that sought class action status and compensation for people who had bought vulnerable Intel chips or computers that came with them already installed. Tech companies typically withhold details about security problems until fixes are available so that hackers won't have a roadmap to exploit the flaws.
To make matters worse, consumers were warned that a software update to fix the widespread problem could potentially slow down their computers, although it remains unclear to what extent that is true.
"If you're going to disable this, then you're back to ... many, many years ago, we're talking 10 years", he added. Spectre represents a broader range of more complex and sophisticated attacks that could work on virtually all processors and may be impossible to completely protect against in software alone. One, named Meltdown, affects Intel chips for laptops and servers. The flaw is not only a pain in the ass to patch (as major changes are required at the operating system level to patch it) but, once fixed, the machines in question could see performance declines of up to 30 percent. The flaw lies in how memory isolation works on Intel CPUs, and it persists despite the use of mechanisms such as Address Space Layout Randomization (ASLR), which is widely used in all modern operating systems. The ARM design is also used in Apple's mobile chips.
But Intel said that it had found a fix for 90% of its processors made in the last five years and that the fix will be ready by the end of next week. They also have the potential to affect data centres and devices that connect to the cloud.
It's also heartening to see how quickly the major cloud computing companies, including Google, Microsoft, and Amazon, patched their systems to protect against the Meltdown vulnerability. But in a matter of hours, more evidence has surfaced showing that the vulnerabilities have massive industry-wide implications.
Advice from the U.S. Computer Emergency Readiness Team was grim.
The scramble to harden a broad array of devices comes after researchers found two significant vulnerabilities within modern computing hardware, one of which cannot be fully resolved as of yet.
That's not to say nothing can be done. Mozilla says it's also implementing a short-term mitigation that disables some capabilities of its Firefox browser.
The company does admit that in some cases the performance impact from software updates might be "higher", though it adds "additional post-deployment identification, testing and improvement of the software updates should mitigate that impact".