Pepperdine IT Advisory: Meltdown and Spectre Vulnerabilities
January 9, 2018
As many members of the Pepperdine community have heard, Spectre and Meltdown are two processor security bugs that may affect nearly all computers and mobile devices. These bugs leave your computers and mobile devices vulnerable, allowing others to exploit your machines and potentially steal your personal and financial information. Consequently, you should do the following to all your devices (and in this order):
- Update antivirus program
- Update operating system
- Update Chrome and Firefox browsers
- Scan your computer
- Go to browsercheck.pepperdine.edu
- Install plugin, if prompted
- Run scan
- Update any applications, if prompted
- Rescan
The Pepperdine Information Technology (IT) team is aware of these security flaws and is closely monitoring developments to minimize exposure and protect data on university-owned computers and critical systems.
Students, faculty, and staff are encouraged to keep their personal computers and mobile devices up-to-date with the latest patches as they become available. If you are several versions back, it is advised to maintain current data backups before installing significant updates or upgrades.
Pepperdine IT has compiled the following resources to help your keep your devices safe.
Antivirus programs
You must first and foremost update your antivirus program*.
*Please note: all university-owned computers run the Sophos antivirus program which is updated automatically by the IT division.
Operating systems
Computers
Apple macOS
Update You Should Install: 10.13.2 or later (High Sierra)
How to Update Your Operating System
Apple has released mitigations in macOS High Sierra 10.13.2, which also includes updates for the Safari browser.
Microsoft Windows
Update You Should Install: "January 2018 security update release" (Windows 10, Windows 8, Windows 7)
How to Update Your Operating System
Microsoft has released the "January 2018 security update" to address issues related to the latest vulnerabilities. Systems should automatically install updates as they become available, but you can also view the Windows Update FAQ to learn how to check for updates, see installed updates, and more.
In addition to Windows updates, it is critical to use the latest antivirus solutions, too. Check your antivirus software manufacturer's website for their latest compatibility information and install any updates they recommend. To be fully protected, you must update both your antivirus software and your operating system.
Mobile Devices and Tablets
Apple iOS, tvOS, WatchOS
Version You Should Use: 11.2.2
In December, Apple released iOS 11.2 and tvOS 11.2 with mitigations to reduce the risk. In early January, Apple released iOS 11.2.2 which "includes security improvements to Safari and WebKit to mitigate the effects of Spectre." According to Apple, WatchOS is unaffected by the Meltdown and Spectre flaws.
Android
Version You Should Use: Varies by Manufacturer
How to Check Your Version
Some newer Android phones (such as certain versions of the Samsung Galaxy S8 and Note 8) have already received Google's December security update. Other manufacturers should start pushing their own updates within the next few weeks. Check your smartphone or tablet manufacturer support website for more details.
Web Browsers
Apple Safari
Version You Should Use: 11.0.2 or later
How to Check Your Version
Safari 11.0.2 includes mitigations against vulnerabilities on macOS. Apple has indicated that more mitigations are coming. The latest version of Safari is included with the latest version of macOS.
Firefox
Version You Should Use: 57.0.4 or later
How to Check Your Version
Your computer may have automatically updated Firefox on its own. Still, it is good
to verify whether your browser has been patched or not. Check that you are using Firefox version 57.0.4 or later for Mac and PC. If you are running an earlier version than this, you will need to
update your Firefox browser or download the latest version.
Google Chrome Browser
Version You Should Use: 63.0.3239.132 or later
How to Check Your Version
Similar to Firefox, Google Chrome may have auto-updated to the latest version with
the mitigations for these vulnerabilities. Check that you have Chrome version 63.0.3239.132 or later for Mac and PC. If you are running a version earlier than this, you will
need to update your Chrome browser or download the latest version.
Google has also announced an additional configuration option to protect yourself beyond
the basic security. Once you have updated your Chrome browser, you can enable 'Site Isolation.'
Microsoft Edge
Version You Should Use: 41.16299.15.0 or later with January update
How to Check Your Version
Microsoft has bundled the latest fixes with the "January 2018 security update." Use Windows Update to update your operating system and browser.
Microsoft Internet Explorer
Version You Should Use: 11.0.9600.18894 [Update Versions: 11.0.50 (KB4056568)]
How to Check Your Version
Microsoft has bundled the latest fixes with the "January 2018 security update." Use Windows Update to update your operating system and browser.
Need Help?
We understand that some of the solutions listed above are slightly more involved and you may require some assistance. We're here to help protect you. You may drop by the support desk at your local graduate campus or visit Tech Central in Malibu (located in the Thornton Administration Building, TAC B100, 9:00 AM to 5:00 PM, Monday-Friday). You may also call Tech Central at 310-506-4811 or the IT Service Desk at 310-506-4357 for questions or to schedule an appointment.