Meltdown and Spectre (update 16/01/18).
Two major vulnerabilities discovered affecting almost all devices on the market have been dominating the headlines recently, stretching beyond the normal tech news and into mainstream media.
This is for good reason; these vulnerabilities, Meltdown (CVE-2017-5754) and Spectre (CVE-2017-5753, CVE-2017-5715), affect a very basic CPU function known as speculative execution which is used in all modern CPUs.
Vendors are working quickly to patch the vulnerabilities and most have already released mitigation’s, however until devices are updated they will remain at risk.
We have detailed the vulnerabilities and what customers need to do to secure their devices on the CWSI blog, you can read more about Meltdown and Spectre here.
Meltdown potentially impacts systems running MobileIron server products. This includes MobileIron physical appliances. An attacker who gains unprivileged access to a vulnerable system could potentially extract memory from other processes or VM’s.
MobileIron Core, Sentry, and Cloud product deployments are less prone to this kind of attack as the system does not normally allow unprivileged users to run arbitrary programs. However, MobileIron is working to release patches to protect customers.
To fully address these issues, customers will need to apply a combination of MobileIron patches and 3rd party patches to address issues in hypervisors, virtual machines, and mobile devices.