Major vulnerabilities Meltdown and Spectre.
This is for good reason; these vulnerabilities, Meltdown (CVE-2017-5754) and Spectre (CVE-2017-5753, CVE-2017-5715), affect a very basic CPU function known as speculative execution, which is used in all modern CPUs.
To improve performance, a CPU may predict and execute instructions ahead of time. If these predictions are incorrect, they are rolled back silently and invisibly without affecting running applications. If they are correct, execution can continue much faster for the software requiring them, thus improving performance.
During speculative execution, some information may occasionally be left in memory and not cleared down, leaving it exploitable by a potential attacker, although exploitation can be difficult.
There are, however, no known exploits of this in the wild today as confirmed by Google, Apple and others.
Notable mobile devices at risk include the Galaxy S8, S8+, Note 8, Google Pixel 2 and Pixel 2 XL, as well as iPhone, iPad, Mac and Apple TV.
Intel is working with ARM and AMD to fix this at the hardware level; however, Apple, Google, Microsoft and others are also patching this via software.
Meltdown potentially impacts systems running MobileIron server products. This includes MobileIron physical appliances. An attacker who gains unprivileged access to a vulnerable system could potentially extract memory from other processes or VMs. MobileIron Core, Sentry, and Cloud product deployments are less prone to this kind of attack as the system does not normally allow unprivileged users to run arbitrary programs. However, MobileIron is working to release patches to protect customers.
MobileIron will be releasing necessary updates across our products with the respective patches applied. We will keep you informed on the release date.
Customers with an upgrade or platform management subscription will be contacted as soon as possible to plan the intervention.
Customers using virtualization will want to apply patches from their hypervisor provider as well.
Shared SaaS: The VMware AirWatch SaaS Service team is currently evaluating, identifying, and patching affected systems in our SaaS environments related to vulnerabilities described in CVE-2017-5753, CVE-2017-5715 (Spectre), and CVE-2017-5754 (Meltdown).
Dedicated SaaS: In the event VMware AirWatch must perform maintenance that will affect our service availability to our SaaS dedicated customer environments, AirWatch will work with you to determine suitable scheduling of these activities.
On-Premise: On-Premise environments managed by customers should be remediated in accordance with the guidance document provided by your operating system vendor(s). VMware AirWatch is in the process of evaluating shipped products to determine whether patching is necessary. At this time, VMware AirWatch has not identified any AirWatch products requiring software patches.
First and foremost, ensure devices are updated. For Windows and iOS/macOS devices the updates will be immediately available; for Android devices the security patch is already available for some devices but still in progress for others. Check frequently.
Secondly, CWSI has always recommended only installing applications from reputable sources, such as official app stores, and for this issue our advice is no different; installation from third-party locations is the leading source of malware infection on mobile devices.
If you would like more detail on these controls or anything else in relation to this advisory, please don’t hesitate to contact us.
While these vulnerabilities are severe, it is worth reiterating that there are no known exploits in the wild. Meltdown requires the installation of local software in order to achieve an exploit, and Spectre is considerably more difficult to exploit, requiring perfect timing.
As long as devices are kept up to date as mitigations are deployed, customer devices should be safe.
For questions or concerns, please get in touch.