There has been A LOT of coverage recently about two widespread vulnerabilities that affect almost all modern computing devices, that are being referred to as "Meltdown" and "Spectre". Fortunately for a majority of our clients (you), the largest impact will be felt by organizations running multiple workloads spread out over multiple servers, large databases, as well as those utilizing cloud-computing environments like Amazon’s AWS, or Microsoft’s Azure.
What do these vulnerabilities mean?
- Meltdown - Meltdown is due to a defect with Intel processors affecting any device that uses Intel equipment. This is the more serious of the vulnerabilities due to both the widespread usage of Intel processors across all manner of computing devices, and is also significantly easier to exploit. Thankfully, Apple has already deployed mitigations against this attack in both iOS (11.2) and macOS (10.13.2, as well as releases for Sierra and El Capitan), with further fixes coming down the pipeline as Intel releases further updates. Additionally, Apple has not reported any reduction in the performance of their operating systems following the mitigation deployment.
- Spectre - Spectre is a different vulnerability that is far more difficult to exploit, especially on an iOS device due to the curated nature of Apple's App Store. The most likely avenue of attack would be through a web browser. Mozilla's Firefox and Google's Chrome have already released updated versions that mitigate the attack, with Apple's Safari expected to be updated shortly as well.
What should I do?
As with any recently exposed vulnerability, don't panic, contact us with any questions or concerns. It's helpful to know that this is not a sudden and extreme instance, but has been on the technology world's radar since last summer which is why multiple mitigations have already been released and installed by end users across the world. As mentioned above, the ultimate safeguard is to install any and all updates that these manufacturers have released to mitigate Meltdown and Spectre, but it's incredibly important to do so in a deliberate and calculate fashion. For more on these vulnerabilities, check out Apple's official post here.