TL;DR probably nothing to worry about yet unless you’re hosting a website/application on a cloud service provider that’s not Google, Azure, AWS. Also appears to require processes to be run on a system.
The vulnerabilities have existed for probably more than 20 years, were just recently discovered, and mostly impact cloud based platforms (or other people’s computers.)
Your desktop, Android, iPhone, etc are probably safe unless you run a program that exploits those vulnerabilities. In the case that you’re running an infected program, you’re in trouble anyway and you’re going to get hit by something whether it’s these vulnerabilities or porn popups.
Looks like it can also affect ARM processors – prepare for the breaking of the patches and the slowing of all things.
The biggest threat is mostly cloud-based systems. AWS, Google Cloud, whatever -cloud you’ve got hosting your website, that is where the issue can be because a hacker can rent some space, access the entire memory contents of the physical machine it’s on and…
ok, what’re we going to get from maybe 48-256 gigabytes of data from a virtual server that’s getting unlawfully inspected?
Potentially something if the memory isn’t encrypted (good chance it’s not.) Your hacker is going to have access to the RAM another system has and whatever it’s got in it. That could be potentially file names, whatever database is loaded, but only if it’s in that machine that’s servicing that part of the cloud.
Let’s see who claims they’ve already fixed it: Google and Microsoft have according to the New York Times, with Amazon Web Services almost to completion. This just leaves your random cloud operators who sell virtualized instances to cover their behinds.
An update is coming from MS, Linux already has patches. Well that’s good.
NYT claims the patches could slow the performance of affected virtual machines by 20-30% and that would be “an ugly situation for people used to fast downloads…” – er, no. Unless that cloud service hosted website is rendering data for you that’s not going to affect downloads in any fashion whatsoever. I can push a file at a gigabit and use less than 1% CPU.
But anyway, this doesn’t affect you yet (there are no known exploits in the wild,) there’s nothing you can do, and once again when a company claims they’re completely secure remember if they didn’t build or completely deconstruct the processor, motherboard, bios, operating system, virtualized environment themselves, they can’t claim that. And as far as I know no cloud hosting company has as of yet done this.
It’s big yes, glad everyone gets to see it’s out there, but the boogeyman isn’t going to hit any of the big cloud players it looks like.