CPU hardware vulnerable to side-channel attacks (“Meltdown” and “Spectre”)

sam
New Contributor III
New Contributor III

Vulnerabilities related to CPU hardware vulnerable to side-channel attacks, also referred to as Meltdown (CVE-2017-5754) and Spectre (CVE-2017-5715, CVE-2017-5753), were officially reported on January 4, 2018:

http://www.kb.cert.org/vuls/id/584653

We want you to know that we are aware of these issues and are actively engaged in steps to address them in services that we manage, including Jamf Cloud.

Amazon Web Services (AWS) provides the platform for Jamf Cloud, and AWS has addressed their portion of the vulnerability remediation as outlined in the following security bulletin:

https://aws.amazon.com/security/security-bulletins/AWS-2018-013/

We are actively monitoring the situation and will take all necessary steps to continue to protect Jamf Cloud instances, including installing required patches as soon as they are available. It is also important to monitor for the latest operating systems and patch them as they become available from Apple.

3 REPLIES 3

sepiemoini
Contributor III
Contributor III

Thanks for the update, @sam!

donmontalvo
Esteemed Contributor III

@sam We knew you guys would be all over this!

PS, your profile pic is broken...unless your profile is of a broken profile pic.

--
https://donmontalvo.com

ammonsc
Contributor II

Does anyone know if there is or could be an Extension Attribute to list if a machine is still vulnerable to specter/meltdown?