In the first week of January 2018, researchers uncovered two major vulnerabilities in modern CPU design. Dubbed as MELTDOWN and SPECTRE, these vulnerabilities pose serious security threats to the vast majority of processors powering modern devices.
Introducing Meltdown and Spectre
Both these vulnerabilities have to do with certain design flaws in the architectures of modern processors, particularly Intel ones. In effect, if exploited correctly, the raw (protected) data in the kernel could be exposed.
Meltdown allows access to memory locations in the kernel memory. The process affects the CPU architecture’s barriers that prevent access and mixing up of application data in the kernel memory. This vulnerability affects Intel processors in particular.
Spectre is a set of vulnerabilities that exposes critical application data and information to unauthorized processes. Almost all popular Intel, ARM and AMD processors are affected by Spectre.
It is important to understand that these two vulnerabilities are not exclusively caused by hardware issues or software loopholes. In fact, they take advantage of the way optimizations are built into the architecture of modern processors. This is why the problem is so widespread and requires immediate mitigating actions.
Protection is on the way!
As soon as the vulnerabilities were discovered, all IaaS providers started patching up their infrastructures. At the moment, patching is completed on the underlying host level. Our engineers have also started working on the patching cycle.
Since Cloudways offers the choice of six major cloud providers, we are working closely with all of them to ensure that your servers remain protected. On the providers’ end, Amazon Web Services (AWS) and Google Compute Engine (GCE) have already patched their infrastructure. DigitalOcean, Vultr and Linode are in the process of patching and testing their infrastructure. Kyup has finished the patching process.
On our end, our engineers have also started the patching process of the virtual machines. We will continue to post updates of the process as it continues.