I just learned about the Meltdown and Spectre attacks (CVE-2017-5754, CVE-2017-5753, CVE-2017-5715).
How vulnerable are our x86 routers? When will a patch be available?
Looking for a official word from Mikrotik.
These vulnerabilities affect many CPUs, including those from AMD, ARM, and Intel, as well as the devices and operating systems running on them.
https://www.theregister.co.uk/2018/01/0 ... erability/On a shared system, such as a public cloud server, it is possible, depending on the configuration, for software in a guest virtual machine to drill down into the host machine's physical memory and steal data from other customers' virtual machines. See below for details on Xen hypervisor updates.
Javascript can access the CPU of your system (where the browser is running). in RouterOS there is no web browser or javascript.I heard that it can be exploited from Javascript.
Javascript is a lot more versatile than RouterOS scripting, so it could well be that exploiting it from there is impossible.
But it should be noted that having "guest" type users who can execute scripts could in theory lead to acquiring more privileges.