"NCSC advises that all organisations and home users continue to protect their systems from threats by installing patches, as soon as they become available".
"In terms of real-world risk, it's another day in information security", said Kenneth White, security researcher and co-director of the Open Crypto Audit Project. The company said today that all of its Macs and iOS devices are vulnerable to the same issues.
We haven't heard much from Microsoft yet about the flaw, but it's expected to publicly introduce the necessary changes to its Windows operating system in an upcoming Patch Tuesday this month, after seeding them to beta testers running fast-ring Windows Insider builds in November and December.
However, despite all of this work, Williams noted that with the Meltdown patches specifically, "the patch does not address the core vulnerability, it simply prevents practical exploitation".
Researchers first announced the two flaws affecting virtually all computer processors on Wednesday. "Contrary to some reports, any performance impacts are workload-dependent, and, for the average computer user, should not be significant and will be mitigated over time".
If your laptop/desktop/server vendor has provided extra chipset firmware updates, you can get them from their official sites, install them, and complete the patch.
Issuing the alert yesterday, the Singapore Computer Emergency Response Team (SingCert) said: "The vulnerabilities enable attackers to steal any data processed by the computer".
It's something no one had realized was an issue for 20-some years.
Google's Project Zero security team became aware of the flaws late past year and said it had been working to protect its services, including G Suite applications and Google Compute Platform (GCP). Google too has listed out a set of devices and software that need to be updated to the latest version for protection against these bugs. These patches "scramble" how kernel memory is stored, making it impossible for applications to exploit the flaw.
Security researchers have recently uncovered security issues known by two names, Meltdown and Spectre. "Exploits for these bugs will be added to hacker's standard toolkits", said Guido.