Pepperdine IT Advisory: Meltdown and Spectre Vulnerabilities

January 9, 2018

As many members of the Pepperdine community have heard, Spectre and Meltdown are two processor security bugs that may affect nearly all computers and mobile devices. These bugs leave your computers and mobile devices vulnerable, allowing others to exploit your machines and potentially steal your personal and financial information. Consequently, you should do the following to all your devices (and in this order):

  1. Update antivirus program
  2. Update operating system
  3. Update Chrome and Firefox browsers
  4. Scan your computer

The Pepperdine Information Technology (IT) team is aware of these security flaws and is closely monitoring developments to minimize exposure and protect data on university-owned computers and critical systems.

Students, faculty, and staff are encouraged to keep their personal computers and mobile devices up-to-date with the latest patches as they become available. If you are several versions back, it is advised to maintain current data backups before installing significant updates or upgrades.

Pepperdine IT has compiled the following resources to help your keep your devices safe.

Antivirus programs

You must first and foremost update your antivirus program*.

 

*Please note: all university-owned computers run the Sophos antivirus program which is updated automatically by the IT division.

 

Operating systems

Computers

Apple macOS

Update You Should Install: 10.13.2 or later (High Sierra)
How to Update Your Operating System

Apple has released mitigations in macOS High Sierra 10.13.2, which also includes updates for the Safari browser.

Microsoft Windows

Update You Should Install: "January 2018 security update release" (Windows 10, Windows 8, Windows 7)
How to Update Your Operating System

Microsoft has released the "January 2018 security update" to address issues related to the latest vulnerabilities. Systems should automatically install updates as they become available, but you can also view the Windows Update FAQ to learn how to check for updates, see installed updates, and more.

In addition to Windows updates, it is critical to use the latest antivirus solutions, too. Check your antivirus software manufacturer's website for their latest compatibility information and install any updates they recommend. To be fully protected, you must update both your antivirus software and your operating system.

Mobile Devices and Tablets

Apple iOS, tvOS, WatchOS

Version You Should Use: 11.2.2

In December, Apple released iOS 11.2 and tvOS 11.2 with mitigations to reduce the risk. In early January, Apple released iOS 11.2.2 which "includes security improvements to Safari and WebKit to mitigate the effects of Spectre." According to Apple, WatchOS is unaffected by the Meltdown and Spectre flaws.

Android

Version You Should Use: Varies by Manufacturer
How to Check Your Version

Some newer Android phones (such as certain versions of the Samsung Galaxy S8 and Note 8) have already received Google's December security update. Other manufacturers should start pushing their own updates within the next few weeks. Check your smartphone or tablet manufacturer support website for more details.

Web Browsers

Apple Safari

Version You Should Use: 11.0.2 or later
How to Check Your Version

Safari 11.0.2 includes mitigations against vulnerabilities on macOS. Apple has indicated that more mitigations are coming. The latest version of Safari is included with the latest version of macOS.

Firefox

Version You Should Use: 57.0.4 or later

How to Check Your Version
Your computer may have automatically updated Firefox on its own. Still, it is good to verify whether your browser has been patched or not. Check that you are using Firefox version 57.0.4 or later for Mac and PC. If you are running an earlier version than this, you will need to update your Firefox browser or download the latest version.

Google Chrome Browser

Version You Should Use: 63.0.3239.132 or later
How to Check Your Version

Similar to Firefox, Google Chrome may have auto-updated to the latest version with the mitigations for these vulnerabilities. Check that you have Chrome version 63.0.3239.132 or later for Mac and PC. If you are running a version earlier than this, you will need to update your Chrome browser or download the latest version.

Google has also announced an additional configuration option to protect yourself beyond the basic security. Once you have updated your Chrome browser, you can enable 'Site Isolation.'

Microsoft Edge

Version You Should Use: 41.16299.15.0 or later with January update
How to Check Your Version

Microsoft has bundled the latest fixes with the "January 2018 security update." Use Windows Update to update your operating system and browser.

Microsoft Internet Explorer

Version You Should Use: 11.0.9600.18894 [Update Versions: 11.0.50 (KB4056568)]
How to Check Your Version

Microsoft has bundled the latest fixes with the "January 2018 security update." Use Windows Update to update your operating system and browser. 

 

Need Help?

We understand that some of the solutions listed above are slightly more involved and you may require some assistance. We're here to help protect you. You may drop by the support desk at your local graduate campus or visit Tech Central in Malibu (located in the Thornton Administration Building, TAC B100, 9:00 AM to 5:00 PM, Monday-Friday). You may also call Tech Central at 310-506-4811 or the IT Service Desk at 310-506-4357 for questions or to schedule an appointment.

IT Service Desk

Have A Suggestion for IT?

Click to share your suggestion, anonymously if preferred, to improve Pepperdine IT.