Meltdown [CVE-2017-5754] is a vulnerability due to a flaw found within computer processors that leave desktop and mobile devices (endpoint data) potentially vulnerable to various security issues. Meltdown is a hardware-related vulnerability that cannot be externally detected. It affects operating systems, specifically Intel x86, Qualcomm, and some ARM CPUs.
- Researchers have found that many computer chips leave sensitive information indirectly exposed in memory. As a result, attackers can use these flaws to access sensitive data, like passwords, or look at what tabs someone has open on their computer.
- Opens access to sensitive operating system secrets (Passwords, cryptographic keys, etc).
We recommend applying all available operating system updates as soon as possible:
This article will be updated with patch information for applications that we track, as it becomes available.
- Refer to the Mobile Software and Desktop Software risk vectors to find unsupported operating systems in your organization and update them to at least the versions listed below.
- To see if a company in your portfolio is vulnerable, use the “Software” filter in the Portfolio page.
|Mac OS, iOS||Available as Mac OS 10.3.2; iOS 11.2:
|Google Android||Published, but relies on the phone vendor to make the update available to end-users:
|Microsoft Windows 10||Available:
|Red Hat Linux||In progress:
|Ubuntu Linux||In progress:
|Debian Linux||In progress: