Meltdown and Spectre Vulnerabilities
New York, NY – We at Adept Technologies have already updated all of our server systems at our datacenters and offices for the Meltdown and Spectre Vulnerabilities. We have already sent out updates to our “on-premise” software systems that support the fixes being released by OEM vendors.
For our “off-premise” solutions over the last ten years we at Adept Technologies have invested large sums of money in having our own hardware and datacenter spaces. We do not use Amazon, Google, Microsoft Azure or any other 3rd party “cloud” service providers and we never will. We do not use VMware or any other Hypervisor based technology. Unlike other technology companies that leverage these services to reduce their costs with your data, we are not like them, and you are safe with us.
We have added information based on outside sources on what is Meltdown and Spectre Vulnerabilities, it is listed below.
What are Meltdown and Spectre?
Three critical vulnerabilities were recently identified by independent teams of security researchers. The three vulnerabilities, collectively dubbed Meltdown and Spectre, impact all Intel CPUs built in the last 10 or so years – which is quite a significant number of devices. These two vulnerabilities enable a malicious user LAN application to read the protected kernel memory of other processes (Meltdown) and applications (Spectre). This could include things like passwords, personal documents, and credit card data.
Who is affected by this?
Almost everyone, especially Cloud Server providers. Meltdown exclusively impacts Intel processors. So, if you have an Intel CPU you’re impacted. Spectre on the other hand impacts Intel, AMD, and ARM processors. Combined, the list of vulnerable devices includes PCs, Macs, Android and iOS devices, and smart devices – all of which run a potential vulnerable CPU.
How are they exploited?
Exploitation occurs through the execution of malicious untrusted applications. Proof of concept JavaScript code has been released for Linux. This means that all a victim has to do is visit a website that has been compromised. Spectre is a more difficult vulnerability to exploit, and to this point no proof of concept code has been seen in the wild.
What do they do?
The vulnerabilities enable an attacker that has gained access to the device to be able to defeat the barriers between the memory space of user-land (normal) processes and kernel process. This effectively enables a malicious application to read portions of kernel memory, which often contains data prior to being encrypted, processed, and sent to a socket.
How do I protect myself?
Update your software! Microsoft, Apple, Google, and other vendors have released patches to mitigate the risk Meltdown. If an update is available for your platform, install it. Intel has also announced that 90% of the CPUs released within the last 5 years will have a patch available by next week, which should mitigate the impact of Spectre.
Outside of software updates, use sound fundamental security principles when accessing the Internet. Avoid downloading an executing files from untrusted sources, and avoid visiting unknown sites.
