In 2018, we wrote about a vulnerability in Intel processors called Spectre, which can be used to hijack applications and steal data. Recently, functional Spectre (CVE-2017-5753) exploits have been leaked . This concerns an exploit for Linux and an exploit for Windows.
The recently leaked exploits enable reading arbitrary files on compromised devices. For example
Among the vulnerable systems for these exploits are: Fedora 24-27, Ubuntu 14.04-18.10, Windows 7, Windows 8.1, Windows Server 2008, Windows Server 2012. Later software versions have mitigations against spectre.
Since this attack can be used to bypass authentication or steal data, we assess the impact as high.
Due to the recently leaked exploits the risk of abuse of these vulnerabilities in short term is high.
Shortly after publication of CVE-2017-5753 patches for all major operating systems and browsers have been released. Northwave strongly recommends to apply the released patches or replace unsupported systems if you have not already done so. No other methods for mitigation are known at this point.