Not to be overly pessimistic, but now details of the vulnerabilities (including a JavaScript PoC) are in the wild you can safely bet there will be unscrupulous people working hard to exploit them (however difficult that is to achieve) and whatever related loopholes transpire. I would imagine this is just the beginning of a new class of exploits until new CPU architecture is adopted and BIOS/FW updates for related security vulnerabilities will need to become a regular norm (especially for PCs) in addition to the OS and App updates most people are already used to.
Should also be mindful (however the CPU vendors talk down the issues) that a previously assumed impenetrable separation of data is no longer the case. There aren’t many examples that set precedent for what’s been exposed with Meltdown and Spectre so far.
BTW - how many people are aware that they aren’t protected until BIOS/firmware is patched with microcode as well as the OS/App updates that have been rushed out? How many people actually know how to do that for, say, a PC? How many people know that in many cases vendors haven’t and may never provide the former (like my old Vaio laptop)?
Finger’s crossed there’s some better support from the industry coming to inform on these things before exploits come into the wild. I guess at least it is easier to push firmware updates to mobile/tablet devices IF they are provided.
I would say that for anyone on an affected device that hasn’t yet been patched (both BIOS/FW and OS as applicable), maybe it is time to install mobile anti-virus/anti-phishing as a precaution.
