You are here: Home / News & more / News / Security leaks – message for our customers

Security leaks – message for our customers

Illustration de l'actualité - cliquer pour agrandir

Spectre & Meltdown

You have probably learnt from the press about two leaks that have been present in all Intel processors since 1995.
These two leaks, called Meltdown and Spectre, allow a malevolent code to read data recently cached by the microprocessor.

The Meltdown leak only affects Intel processors, while Spectre also affects AMD and ARM processors (those in PDA, tablets, Raspberry Pi, etc.).

Whereas it seems to be possible to reduce the attack surface of Meltdown easily using a patch in the operating system, that of Spectre is more complicated to upgrade and requires:

  • the upgrading or reconfiguration of badly affected software programs (mainly Internet browsers at the moment)
  • the upgrading of the firmware in the computer and/or the µcode of the processor (not yet available for most computers).

Apple has already published upgrades for its most recent operating systems for all its affected peripherals.
Microsoft has started to deploy this type of patch, but due to incompatibilities has not pushed them all to users.
Linux does not yet have stable patches deployed on a large scale.

Although the attack surface of these leaks is very small and the probability that they will access sensitive data in the BRIC servers is almost negligible, we are taking these leaks very seriously.

We listen constantly to our suppliers of equipment comprising processors affected by these leaks. We will take corrective measures when they are available. As always, we undertake only to use libraries and software programs from safe and authenticated sources and of course, we do our utmost to ensure that the software programs are patched with the latest versions from a security point of view.