Recently published research has revealed that nearly every computer chip manufactured in the last 20 years contains fundamental security flaws, with specific variations on those flaws being dubbed Spectre and Meltdown. The flaws arise from features built into chips that help them run faster, and while software patches are available, they may have impacts on system performance. These vulnerabilities, if exploited, allows attackers to get access to data previously considered completely protected. Security researchers discovered the flaws late in 2017 and publicized them in early 2018.
More information about both the Meltdown and Spectre vulnerabilities is available at https://meltdownattack.com.
An application running on a server that is vulnerable to them can use these flaws to access the protected memory used by other processes. As with all other processes, memory used by Adeptia application is vulnerable to snooping from another process running on the same host. Adeptia strongly recommends that you apply the appropriate OS patches to protect against this to the servers that you utilize.
To address the Meltdown/Spectre Vulnerability Adeptia suggests the following 3 steps:
- Install latest operating system (Windows or Linux) updates that patch this vulnerability on the servers where Adeptia is running
- Check with your hardware provider to see if they have any firmware updates for the servers where Adeptia is running
- Update the web browser patches that fix this vulnerability
These 3 steps should secure the Adeptia application for Meltdown/Spectre Vulnerability. As far as we are aware, Adeptia application itself does not provide an attack vector that a remote user can use to exploit these vulnerabilities. So, Adeptia does not need an application patch/update for this vulnerability.
Once the OS and firmware patches are applied, processes that perform large numbers of system calls may incur a performance penalty due to the impact of the patches. Adeptia, for example, may therefore require additional CPU resources, so please monitor the effect of the patches and be prepared to scale up if necessary.
We are closely following details of these vulnerabilities and will update this notice as more details emerge.
