Protecting Yourself From Spectre, Meltdown and other Speculative Execution (“SPEX”) Vulnerabilities
Helping Akamai professionals protect themselves and the company from cyber-threats
Protecting Yourself
From Spectre, Meltdown and other Speculative Execution (“SPEX”) Vulnerabilities
Three potentially damaging vulnerabilities code-named Meltdown and two variants of Spectre have been announced.
These vulnerabilities are found within the architecture of processors used across a wide variety of devices including computers, tablets, and smartphones. Code to exploit these vulnerabilities is publicly available, and we can expect that more capable code will be released soon. For more information on the vulnerability, you can read the Akamai Blog post here:
https://blogs.akamai.com/2018/01/impact-of-meltdown-and-spectre-on-akamai.html
What this Means for You
All major chip manufacturers including Intel, AMD, and ARM have acknowledged the existence of these vulnerabilities. Any desktop, laptop, tablet, or smartphone using these processors are at risk until they are patched.
What it Takes to Exploit this Vulnerability
These vulnerabilities are difficult to exploit and require that an attacker have access to install and run malicious software, or for you to browse to a web page or application containing malicious JavaScript code.
If an attacker is able to successfully exploit your system there are risks to:
Confidentiality
Sensitive information, including passwords, keys, and other authentication credentials, could be disclosed to the threat agent.
Integrity and Availability
If credentials are compromised, a threat agent might access, modify, or destroy your information assets.
Please Note
Current fixes for speculative execution (“SPEX”) vulnerabilities may impact performance. According to some reports, fixes for these these vulnerabilities may reduce system performance by as much as 35%. However, hardware manufacturers report that the impact on most users will be minor.
How to Protect Yourself
You can follow these steps to protect all of your devices. These steps should be followed for any personal devices as well as for all of your Akamai devices
-
Click Carefully
Do not click on links or open any downloaded applications unless you are sure the source is legitimate. Until these vulnerabilities are mitigated, it is best to avoid freeware or shareware applications that do not come from a trusted source. If you are in doubt as to the validity of a link, an application or if you suspect that your system has been compromised, contact the Akamai Global Helpdesk immediately!
-
Backup
To protect your data ensure that you have a recent backup stored outside your primary device. If you have questions about how to best backup and protect your data contact a Helpdesk Specialist for assistance.
-
Update Antivirus Protection
Make sure you keep your antivirus or endpoint protection up to date. Updates to these applications are ongoing, and ensuring they are up to date is the best protection against malware infection. If you have systems off net, connect to the Akamai network to update your AV and to get the latest definitions.
-
Patch and Update
Install security patches as soon as possible, including on your personal devices
- Apple has released fixes for Meltdown for iOS 11.2, macOS 10.13.2 , and tvOS 11.2. watchOS did not require mitigation. Previous versions of iOS, macOS, and tvOS are still potentially vulnerable. Apple is working on fixes for Spectre as of the date this document is being prepared. Additional information can be found here:
https://support.apple.com/en-us/HT208394
Please Note
macOS users should not upgrade to macOS 10.13.2 (High Sierra) until advised to do so by the Akamai Global Helpdesk.
- Apple has released fixes for Meltdown for iOS 11.2, macOS 10.13.2 , and tvOS 11.2. watchOS did not require mitigation. Previous versions of iOS, macOS, and tvOS are still potentially vulnerable. Apple is working on fixes for Spectre as of the date this document is being prepared. Additional information can be found here:
- Microsoft has released updates for Windows 7, 8, and 10. If Windows does not allow you to install patches, you may need to ensure all antivirus protection software is up to date first. Additional information can be found here:
https://support.microsoft.com/en-us/help/4072699/important-information-regarding-the-windows-security-updates-released
-
Configure Chrome for Site Isolation
If you use Google Chrome you can reduce or eliminate the threat from malicious ECMAscript/Javascript attacks by enabling site isolation. Here are the steps:
- Make sure you are running Chrome 63 or later
- Go to chrome://flags/#enable-site-per-process
- Click “enable” on the “Strict site isolation” option
- Close, and launch Chrome again
-
Upgrade Firefox
Upgrading to Firefox version 57.0.4 mitigates this issue but further updates from Firefox are expected.
https://blog.mozilla.org/security/2018/01/03/mitigations-landing-new-class-timing-attack/