The vulnerabilities found in processor chips (now generally being called "Meltdown" and "Spectre") enable side channel attacks in affected systems. Yesterday's reports said only Intel chips were affected; some competing manufacturers initially said their processors were unaffected. That optimism seems to have been misguided: most recent processors share the Spectre vulnerabilities. They've been identified in ARM and AMD chips as well.
Meltdown (CVE-2017-5754) permits ordinary applications to evade the security boundaries usually enforced at chip level to access the private contents of kernel memory. This vulnerability appears confined largely to Intel chips. Spectre (CVE-2017-5753 and CVE-2017-5715) is the more widespread and potentially dangerous of the two. It enables an attacker to bypass isolation among different applications. According to Google, which says its Project Zero discovered the flaws last summer, the vulnerabilities are rooted in the way chips are engineered for efficiency to perform speculative execution, which enables the threading that lends processes the smooth speed users expect.
Microsoft has issued an out-of-band patch to mitigate the problem for its products. Other vendors either have or shortly will make mitigations available. These are expected to fix the security issues, but at the expense of performance. Many experts are advising people that their patched devices will run noticeably more slowly. Cloud users should experience similar slowdowns.
Google expels bogus security products from the Play store.
Iran's crackdown on the Internet continues as the regime declares victory in quashing unrest, but few observers take the Islamic Republic's claims of triumph at face value.