Recommendations for Meltdown & Spectre

The following is taken from a communication we sent our clients last week summarizing our basic recommendations for protection from the Meltdown & Spectre vulnerabilities.

The safety of our clients’ sensitive information is our top priority.  However, we do not want to act hastily and make matters worse.  Rather than recommend untested patches and updates, we are monitoring our partners and vendors and will provide specific recommendations when appropriate.

While some patches and updates require our expertise to ensure that there is no interruption in your operations, others will happen automatically or be part of your regular maintenance.

The following updates are ones you can undertake yourselves right now, and forward to all your employees.  As always, please let us know if you’d like our help with these updates.  If you have any questions at all, please reach out to your account team.

Mac OS workstations: Apple has released an update to mitigate risk on its computers.  The patch, named 10.13.2 Supplemental Update, is only available for Mac OS 10.13 (High Sierra).  We recommend that all our clients with High Sierra install this patch immediately.  If you are not yet running High Sierra, your Account Team will reach out to you in the coming days to ensure you are properly updated.

iPhones: Apple has released an update to mitigate risk on its iPhones.  The patch, named iOS 11.2.2, is only available for phones with iOS 11.2.  We recommend our clients update to the latest iOS, and accept all then install this patch as soon as possible.

Android phones: Because of the many manufacturers and flavors of Android, patches and updates for Spectre and Meltdown will be specific to the device you are using.  We recommend our clients accept all updates and keep their Android devices running the latest available system and application updates.

Internet Browsers: Browsers such as Google Chrome, Firefox, Internet Explorer/Edge, and Safari are potential entry points for malicious code that seeks to exploit these vulnerabilities.  These browsers have all recently released updates.  While most browsers update automatically, we recommend that users ensure they are using the latest version.  If you want more information on updating your browsers, please reach out to you account team.

While there have been reports of performance hits from some updates and patches, the majority of our clients’ hardware is powerful enough to withstand some performance degradation and, in most cases, the change will not be noticeable.

It’s also important to remember that most of the risks to your sensitive information are unrelated to these new vulnerabilities.  Always practice safe computing and ensure that all users in your company follow your security guidelines, including keeping strong passwords and looking out for phishing scams.

Finally, if you are interested in a thorough, yet not-too-technical explanation of Meltdown & Spectre we recommend this Red Hat blog post.