The news the past few days has been filled with stories on computer processor security vulnerabilities. These vulnerabilities, named Meltdown (which affects Intel processors) and Spectre (also affects processors from other vendors), could allow a hacker to steal information stored in the memory of a device. The problem has existed for more than 20-years, but was detailed this past summer by Google’s Project Zero. Intel acknowledged the problem in a statement released Wednesday.
During the past 48-hours most platform and cloud vendors issuing statements on what they have done, and what you need to do to diminish the threat. Microsoft, Apple, Red Hat, VMWare, Amazon, and Google have all responded with guidance and security updates.
Unitrends is vigilant when it comes to the security of our purpose-built backup appliances and our cloud environment. For our systems, the risk of this exploit is minimal because shell access is restricted, but many customers will need this resolved for compliance testing.
Chief Security Officer, Bob Antia, has this statement:
“Unitrends is supremely concerned about the security of our customers’ data and systems, both in our cloud and in our on-prem products.
Unitrends is issuing an emergency patch to mitigate the vulnerability in Unitrends Appliances and Cloud.
Our cloud data centers have not experienced a breach in any way, leverage our proprietary hardened backup software, and ensure security best practices are met at every level. Having said that, the Meltdown and Spectre vulnerabilities can expose risks to the confidentiality of customer data.
Unitrends recommends applying these patches immediately.”
A knowledge base article is posted in the Unitrends Community with more details on this security patch.