tl;dr the potential exploits dubbed Meltdown and Spectre do not affect Particle devices, our cloud services are being patched this week and mobile users are protected as long as they’re running the latest OS versions.
For those curious about the technical details, I encourage you to check out meltdownattack.com, which includes more details about how the exploits were discovered, how they work and advisory updates from various vendors.
The Meltdown and Spectre attacks both have to do with untrusted processes (applications) nefariously accessing the data/secrets of trusted processes, where both kinds of processes are running in the same execution environment (CPU, memory, etc). These are in execution environments where process isolation is expected and relied upon (your PC, your mobile device, cloud services, etc.)
Since embedded CPU’s, such as the ARM Cortex M3 used by Particle devices, generally provide no notion of process isolation in the first place, it would be be reckless to construct an embedded system which runs untrusted code at all. So, nothing new here.
Jeff
Eben Upton of Raspberry Pi fame wrote an excellent explanation of the meltdown/spectre attacks (best that I’ve seen so far). Take a look here:
Jeff