Vulnerabilities in speculative execution, branch prediction, and application isolation that lead to sensitive information disclosure and affect almost all modern processors have recently been disclosed. Speculative execution and branch prediction are processes designed to increase the performance of processors by performing anticipatory calculations that may not be needed to complete a process. Application isolation prevents user applications from accessing the memory address space of another application. The Meltdown and Spectre attacks are based on the ways processors handle speculative tasks and out of order execution. These vulnerabilities, if successfully exploited, allow an attacker to view otherwise confidential information in a system’s memory.

Threat Intelligence

At this time we are not aware of these vulnerabilities being exploited in the wild. However, proof-of-concept scripts have been made public. Our Threat Intelligence team will continue to monitor for updates as more information becomes available.

Technical Summary

Speculative execution and branch prediction are the premature execution of tasks by a processor before it is known where and if this information is needed. These are designed to optimize performance in modern CPUs. If it is determined information that is a product of speculative execution was not needed, the information is discarded.

Spectre tricks applications into accessing system memory through choosing specific instructions to speculatively execute. By training the Branch Target Buffer to mispredict, an attacker can redirect to a gadget (or machine code snippet) instead of the correct memory address. The execution of this abnormal speculative operation leaks sensitive information from any application running on the system via side channels from the victim’s machine. Spectre can also be exploited via JavaScript to read information from browser address space. For further information, please reference the authors’ whitepaper at

Application isolation prevents applications from accessing arbitrary system memory. Meltdown breaks protections that stop applications from accessing system memory by exploiting out of order execution, a feature to increase performance in newer processors. Only systems running Intel processors are vulnerable to Meltdown due to its use of an Intel specific privilege escalation flaw. Use of the same CPU by multiple users increases the risk for both Spectre and Meltdown.

For additional information, please reference the white paperswhitepapers from the Graz University of Technology.


We recommend the following actions be taken:

  • Apply the released patches for Linux (KPTI, formerly KAISER), OS X, Android, and>
  • Apply applicable BIOS updates.
  • Ensure the latest version of your desired browser is installed.






Systems Affected

  • Intel processors
  • Intel, AMD, and ARM processors.

All devices containing these chips are vulnerable.