Meltdown affects any device running an intel CPU. This includes some tablets; most laptop computers; most desktop computers; most servers (physical and virtual) and most of the hardware behind Cloud services. In other words, all Apple Mac computers; most Windows computers; most Linux (or *nix) computers; most Windows servers; Google Cloud servers; Amazon AWS Cloud servers; Microsoft Azure Cloud servers; VMWare servers; XEN servers; HyperV servers etc.
Spectre affects pretty much any device with a modern CPU within it. This includes all Apple iPhones; all Apple iPads; all Android tablets; all Android phones; all Windows phones; all laptops, desktops, servers etc. running AMD processors; network switches; robot vacuums etc.
Mitigation:
Mitigation against these bugs is not easy. Spectre especially will be with us for some time as the only way to actually "fix" the bug is to re-design the processor architectures to avoid the issue occurring. Meltdown can be mitigated by re-writing the kernel (or base level) code used by devices. The fix involves moving the kernel-level memory to a different physical location within a processor's memory system, thus making it impossible for the bug to be used to read that memory. Unfortunately doing so introduces a performance hit to the system that kernel is running. This is currently being estimated as being between 5% and 30%, depending on the task being undertaken.
Microsoft, Apple, Google, Cisco & Linux have all now confirmed patches for their relevant systems, although in some cases actually getting those patches may not be as easy as it should be. Below is a breakdown of what is know of each company's patches at the moment:
Microsoft:
Microsoft have released patches for Windows 7, 8, 8.1 and 10, along with all supported versions of Windows Server. However, for the patch to be enabled, there has to be an update to, and co-operation with, any installed Anti-Virus software. This is to ensure against an old (bad) anti-virus software causing a system crash as a result of the Microsoft patch. Most AV software has now also been updated, but if you're not sure, uninstall your third party AV and let Windows Defender do the work - it is up to date and does enable the patches to function.
Apple:
Apple have stated that their latest iOS (iPhone and iPad) and MacOS (Macbook, iMac etc.) releases already contain patches to mitigate against these bugs.
Google:
Google say that if you are running the "latest security patches" for Android, then you are already protected from these bugs. However, due to the unique way Android works, your device manufacturer (Motorola, Samsung, LG, One+ etc) may not have released those patches yet. Indeed, even if the manufacturer has released the patches, your phone network provider (O2, Vodafone, EE, 3 (in the UK)) may not yet have approved them.
Cisco:
Cisco have released patches for their networking equipment "just in case". To get these patches you'll need a device that is still in support, plus a valid support contract from Cisco.
Linux:
The latest Linux kernels contain patches to mitigate against these bugs. It is of course up to individual Linux distributions to package those kernels into their software.