Meltdown and Spectre

Last updated: 10:30am January 9, 2018

Security vulnerabilities called Meltdown and Spectre have been identified that affect Mac and Windows workstations, mobile devices, and servers. These vulnerabilities allow for protected memory to be accessed that may include sensitive information such as passwords and cryptographic-keys.

University Systems recommends that clients ensure that their devices are updated to mitigate against Meltdown and Spectre. This post will be updated as we become aware of security updates to mitigate these vulnerabilities.

More information about Meltdown and Spectre

Meltdown security updates and notices

Windows

  • Known systems affected: Windows 7 and newer
  • Recommended action: Allow Windows to perform an automatic update. This will require keeping your UVic workstation or laptop plugged in and turned on over night to allow automatic updates to run.
  • Microsoft security bulletin

Apple Mac OS

  • Known systems affected: All versions of MacOS 10.x are affected. Apple has only provided patches for Mac OS 10.11-10.13
  • Recommended action for Mac OS version 10.11-10.13: Allow MacOS to perform automatic updates.
  • Recommended action for Mac OS 10.0-10.10: Upgrade to a supported version of MacOS or replace your Mac with newer hardware.
  • Apple security bulletin

Apple iOS and tvOS

  • Known systems affected: Apple has provided updates for iPhone 5S and newer, iPad Air and later, iPod Touch 6th generation, tvOS
  • Recommended action: Update all iOS and tvOS devices
  • Apple security bulletin

Android

Linux and other platforms

Spectre security updates and notices

Google Chrome

  • Recommended action: Update to version 63 and enable Full Site Isolation.
  • Full Site Isolation has been applied to all centrally-managed UVic workstations running Chrome.
  • Google Chrome FAQ

FireFox

Apple/Safari

iOS

Internet Explorer/Edge

  • Recommended action: Apply updates via Windows automatic update. These have been applied to all centrally-managed UVic workstations.
  • Microsoft security bulletin

If you have any questions or concerns, please contact your Desktop Support Services (DSS) support person or the Computer Help Desk at helpdesk@uvic.ca or 250-721-7687.