Details are finally emerging on a couple of serious security issues that have received much media attention and speculation: Meltdown and Spectre.
Meltdown and Spectre exploit critical vulnerabilities in modern processors (CPUs). These hardware bugs allow programs to steal data which is currently processed on the computer. Meltdown and Spectre work on personal computers, mobile devices, and in the cloud.
Meltdown and Spectre
More details on the exploits and a list of OS and hypervisor patches can be found here: https://spectreattack.com/
- Accellion: Customer notice and new release of kiteworks 3.1.
- Cisco: Cisco Security Portal update
- Dropbox: Investigating - official response to follow soon.
- Entrust: Statement below:
"Entrust Datacard is actively following the security advisories of the operating system and virtualization vendors whose products we use in our production environments. We are taking action to apply the appropriate patches as they become available. No action is required on the part of customers using these products and services."
- iPass: (awaiting response)
- IronWorks: Mitigated, Security Advisory has been released.
- janusNET: (awaiting response)
- LogRhythm: A public blog post and a Security Advisory have been released.
- Lookout: (awaiting response)
- mimecast: Statement - under investigation by security teams.
- MobileIron: A Security Bulletin (DOC-7412) has been released.
- NetMotion: Awaiting patch from OS supplier.
- OneLogin: Mitigated, article published here.
- Webalo: (awaiting response)
- Zimperium: A Security Advisory has been released.
We will be updating this post over coming days with links to our partners' responses to these vulnerabilities as these are published.
Our primary advice to customers is to update your risk register and maintain your patch programmes. Please also keep up to date with vendor notifications.
We're available to assist with impartial and friendly advice - please call us on 01223 97 90 90 for help.