Meltdown and Spectre Vulnerabilities

Announcement

As has been well publicized recently, the Spectre and Meltdown vulnerabilities exist in multiple modern CPU architectures and can permit an attacker to read the contents of memory. Based on how SafeConnect is deployed and accessed, it is not vulnerable to these attacks.

Full details of the "Meltdown" and "Spectre" vulnerabilities can be found
at the following URLs:
- https://meltdownattack.com/
- https://googleprojectzero.blogspot.co.at/2018/01/reading-privileged-memory-with-side.html
While SafeConnect does run on processors that are impacted, SafeConnect does *not* allow execution of arbitrary code by an unauthorized user. In order to exploit these vulnerabilities, an attacker would require that ability.

One caveat is when SafeConnect is deployed as a virtual appliance, running as guests under a hypervisor. If the hypervisor is vulnerable and untrusted users have access to other guest systems running under the same hypervisor, an attacker may be able to read memory from the virtual appliance. Contact your virtualization vendor to determine whether updates are available.