M5 Technologies statement on Meltdown and Spectre vulnerabilities
Last week, a group of researchers published details about a major security flaw, known as Meltdown and Spectre, which affects some Intel and AMD processors, or some processors using ARM cores. Attacks that exploit this bug could allow malicious software to spy deeply into other processes and data on the target computer or smartphone.Aware of the relevance of the matter, M5 Technologies Corporation has evaluated Meltdown and Spectre vulnerabilities and has determined that Mediatrix gateways, ATAs, and Sentinel are NOT vulnerable.
Impact to Mediatrix customers
Mediatrix platforms do not allow execution of a third party software, therefore they do not run arbitrary code and have no exploitable shell, being therefore non-vulnerable to Meltdown and Spectre.The Sentinel 400 allows a Virtual Machine (VM) to be installed through a licence mechanism. Customers making use of a VM licence must make sure the operating system they install on the virtual machine is safe and that the VM itself is protected from any form of malicious attacks.
Impacts for M5T and M5 Technologies-fone customers
Other M5 Technologies products that do not allow running non-embedded third party code are also not at risk, i.e.:
- M5T Sip Client Engine Software Development Kits
- M5 Technologies-fone SoftClients
While the list of third-party embedded libraries required by the M5T Sip Client Engine SDKs is provided to customers along with the software archive, the list of embedded third-party libraries for the M5 Technologies-fone SoftClients can be accessed here.As a general rule, to minimize the potential impact of these vulnerabilities, M5 Technologies recommends M5 Technologies-fone customers to take the following action:
- Install all Windows, Linux, Android, iOS, and Mac OS patches available with the latest updates from appropriate vendors.
References
Intel website – Issues updateArm website – Security updateMitre website – Spectre – CVE-2017-5715Mitre website – Spectre – CVE-2017-5753Mitre website – Meltdown – CVE-2017-5754
