This is an important advisory for our readers about the recently discovered CPU exploits called Meltdown and Spectre.
As per the recent disclosure of Meltdown and Spectre vulnerability in popular CPUs, successful exploitation of these vulnerabilities will potentially allow an attacker to access recently accessed sensitive information like usernames and passwords from the system memory. After getting access to this sensitive data an attacker can steal the user data thus putting the user’s security at risk
Meltdown is known to affect only Intel processors and Spectre is found to be affecting Intel, ARM, and AMD processors. Quick Heal Security Labs has published a detailed blog post on the Meltdown and Spectre CPU vulnerabilities.
To address these vulnerabilities, users are advised to update both hardware and software. This includes firmware updates from device manufacturers and in some cases, updates to the antivirus software to ensure compatibility with the (OS and browser) updates.
Companies such as Apple and Microsoft have released updates to mitigate these vulnerabilities.
Compatibility with Microsoft Update
To fix these vulnerabilities, Microsoft released out-of-band Windows Security updates on 3rd January 2018. With these updates, Microsoft identified an update compatibility issue on some systems which resulted in the Blue Screen of Death (BSOD). This issue was caused due to the incompatibility of some of the antivirus applications and applied Windows security updates. Microsoft had requested security ISVs (Independent Software Vendors) to perform testing with the January 3 update in order to ensure their products are compatible with this update.
Based on the results of the tests conducted against the update, we would like to confirm that all Quick Heal products are compatible with the January 3 Microsoft update.
Compatibility with Apple Updates
We would like to confirm that all Quick Heal products are compatible with Apple maintenance update released for mitigating these vulnerabilities.
Apple support links:
We recommend all our users to apply the latest updates of Quick Heal (publicly available) followed by OS and browser updates.
Based on the available information at this point, no instances of exploitation of these vulnerabilities have been observed in the wild. Quick Heal’s multilayered protection will continue to keep our customers safe from any related threats, if found in the future.
We are keeping a close watch on this development and will keep updating this post accordingly.