Pepperdine IT Advisory: Meltdown and Spectre Vulnerabilities
January 9, 2018
As many members of the Pepperdine community have heard, Spectre and Meltdown are two processor security bugs that may affect nearly all computers and mobile devices. These bugs leave your computers and mobile devices vulnerable, allowing others to exploit your machines and potentially steal your personal and financial information. Pepperdine Information Technology (IT) is aware of these security flaws and is closely monitoring developments to minimize exposure and protect data on university-owned computers and critical systems.
Students, faculty, and staff are encouraged to keep their personal computers and mobile devices updated with the latest patches as they become available. If you are several versions back, it is advised to maintain current data backups before installing significant updates or upgrades.
Consequently, you should do the following to all your personal devices (and in this order):
- Update your antivirus software
- Update your operating system
- Update Chrome and Firefox browsers
- Use browsercheck.pepperdine.edu
You must first and foremost update your antivirus software*. Visit the website of your antivirus provider for instructions to check for the latest software and definition updates. Windows users must update their antivirus software to receive the latest Windows updates.
*Please note: all university-owned computers run the Sophos antivirus program which is updated automatically by the IT division.
Apple has released mitigations in macOS High Sierra 10.13.3 and macOS Sierra 10.12.6, which also includes updates for the Safari browser.
Microsoft has released the "January 2018 security update" to address issues related to the latest vulnerabilities, which also includes updates for Edge or Internet Explorer browsers. View the Windows Update FAQ to learn how to check for updates, see installed updates, and more.
In December, Apple released iOS 11.2 and tvOS 11.2 with initial mitigations, and in early January, Apple released iOS 11.2.2 along with iOS 11.2.5 later in the month which "includes security improvements to Safari and WebKit to mitigate the effects of Spectre." According to Apple, WatchOS is unaffected by the Meltdown and Spectre flaws.
Some newer Android phones or tablets (such as certain versions of the Samsung Galaxy S8 and Note 8) have already received Google's December security update. Other manufacturers should start pushing their own updates within the next few weeks. Check your smartphone or tablet manufacturer support website for more details.
Google Chrome may have auto-updated to the latest version with the mitigations for these vulnerabilities. Check that you have Chrome version 63.0.3239.132 or later for Mac and PC. You may also explore an additional configuration option called "Site Isolation" to protect yourself beyond the browser's basic security. Once you have updated your Chrome browser, you can enable 'Site Isolation.'
Your computer may have automatically updated Firefox on its own. Check that you are using Firefox version 57.0.4 or later for Mac and PC.
Your computer may have automatically updated Safari on its own or in conjunction with your macOS update. Check that you are using Safari version 11.0.2 or later for Mac.
We recommend that you routinely scan your computer for updates using browsercheck.pepperdine.edu.
- Go to browsercheck.pepperdine.edu
- Install the plugin, if prompted
- Run scan
- Update any applications, if prompted
- Rescan until all issues are addressed
We understand that some of the solutions listed above are slightly more involved and you may require some assistance. We're here to help protect you. You may drop by the support desk at your local graduate campus or visit Tech Central in Malibu (located in the Thornton Administration Building, TAC B100, 9:00 AM to 5:00 PM, Monday-Friday). You may also call Tech Central at 310-506-4811 or the IT Service Desk at 310-506-4357 for questions or to schedule an appointment.