New attack on CPU can read arbitrary parts of system memory
New attack aims at modern processor regardless of operating system. It exploits vulnerabilities Spectre (CVE-2017-5753 and CVE-2017-5715) and Meltdown (CVE-2017-5754).
Vulnerability called Meltdown is present on all Intel CPUs since 1995 (except Intel Itanium and Intel Atom before 2013). It’s yet unclear if it’s also present on ARM and AMD CPUs. Exploitation of this vulnerability allows accessing arbitrary parts of system memory. System memory can contain passwords or security keys.
Second vulnerability called Spectre is present on Intel, AMD and ARM CPUs. Exploiting this vulnerability can cause other application to access parts of their memory enabling the attacking application to read it contents.
It’s unknown if the vulnerability is being exploited in the wild. For successful exploitation attacker needs to execute code in the victims computer. Updates are available for Windows, Linux and OS X.