This article applies to inSync and Phoenix.
Problem description (vulnerability information)
Spectre and Meltdown represent a new class of side-channel attacks that impact most processors, including processors from Intel, AMD, and ARM. The attack allows malicious userspace processes to read kernel memory and malicious code in guests to read hypervisor memory.
Affected software
This vulnerability affects multiple components of the Druva Cloud Service for both inSync and Phoenix from our IaaS/PaaS, as well as operating system vendors.
Resolution
While the vulnerability is fairly difficult to exploit, Druva is working with its IaaS/PaaS and operating system vendors to accelerate their schedules for delivery of the latest patches to resolve the vulnerability. Once we receive the patches from these vendors, they will immediately go through our vulnerability management process, QA’d, and pushed to our production cloud product instance.
See also/contact
For any additional information regarding this update, please contact security@druva.com.