Security Bulletin: Meltdown and Spectre vulnerabilities Skip to main content
https://support.okta.com/help/oktaarticledetailpage?childcateg=&id=ka02a0000005uz8sai&source=documentation&refurl=http%3a%2f%2fsupport.okta.com%2fhelp%2fdocumentation%2fknowledge_article%2fsecurity-bulletin-meltdown-and-spectre-vulnerabilities
How satisfied are you with the Okta Help Center?
Thank you for your feedback!
How satisfied are you with the Okta Help Center?
1
2
3
4
5
Very Dissatisfied
Very satisfied
Enter content less than 200 characters.
Average Rating:
Security Bulletin: Meltdown and Spectre vulnerabilities
Published: Jan 4, 2018   -   Updated: Jan 4, 2018

Issue: Security Bulletin: Meltdown and Spectre vulnerabilities

Applies to: 
  • Meltdown
  • Spectre
  • Security

Resolution: 

Okta is aware of two recently-discovered vulnerabilities known as Meltdown and Spectre.  These vulnerabilities can allow a rogue process to access other processes and memory running on the same device.  This issue is detailed in the following Common Vulnerabilities and Exposures (CVE) bulletins:
The Spectre vulnerability impacts our Infrastructure vendor, AWS, and may pose a risk to Okta customers.  Okta has worked with our Vendor (AWS) to deploy fixes for Spectre.  At this time AWS has confirmed they have completed their patching at the infrastructure level to address this vulnerability.  We have not received any indication from our AWS that these vulnerabilities have been used to attack Okta or any other AWS customer.

Okta has determined that the Meltdown vulnerability does not pose significant risk to Customer Data and is following our standard security patch process to provide defense in depth. Okta is actively investigating what, if any, other additional mitigation steps need to be taken and will provide updates here as we continue our investigation.

Okta recommends customers to reach out to their OS and Browser vendors to ensure they have applied all the necessary security updates appropriate to address this security vulnerability.

For additional details and updates, please refer to Amazon's Processor Speculative Execution Research Disclosure

 

Post a Comment