AAEON Security Announcement2018-01-31
Meltdown & Spectre – Intel Side-Channel Vulnerability
The Intel Security Center recently announced that computing devices fitted with microprocessors that make use of speculative execution and indirect branch prediction processes could allow attackers with local user access via side-channel analysis to gain unauthorized disclosure of information. Such attacks are also known as “Meltdown and Spectre.”
We want to assure our customers that we are following this issue, and our engineers are actively working with our partners to mitigate the risk of data theft and provide a permanent solution. Customers should also be aware that AAEON has not received any information to indicate that these vulnerabilities have been used as part of any real-world attacks.
Software developers have already designed patches and updates that tackle Meltdown and Spectre, and AAEON recommends that you investigate measures put forward by both Microsoft and open source communities.
1. Microsoft’s Security TechCenter has recommended that customers install the January 2018 Windows security updates to guard against the following vulnerabilities related to speculative execution side-channel attacks:
- CVE-2017-5753 - Bounds check bypass
- CVE-2017-5715 - Branch target injection
- CVE-2017-5754 - Rogue data cache load
For more information, visit the Security TechCenter
Open source communities have developed patches for protection against Meltdown and Spectre. For more information, visit the following links
2. AAEON is working closely with Intel and our BIOS vendor to update its firmware. Please contact your AAEON representative to access your firmware.
3. To protect yourself against all forms of malware, we also advise you to always follow safe computing practices, including:
- Installing firmware, driver, and security software updates whenever available
- Implementing both hardware and software firewalls
- Never installing software or programs you're not familiar with
- Avoiding websites you're not familiar with
- Never using the same password on multiple websites
- Following guidelines to set strong passwords
AAEON engineers have verified that the following products are unaffected by this issue:
Additional information about unaffected products can be found in the table below.
|Product family (titles use former Intel codenames)||Processors that may be used in this family|
|AAEON Pineview product family||https://ark.intel.com/products/codename/32201/Pineview#@embedded|
|AAEON Cedarview product family||https://ark.intel.com/products/codename/37505/Cedarview#@embedded|
Based on Intel’s findings and work carried out by AAEON engineers, we are able to present a clear outline of our product range, detailing which product families are affected by this issue and when we expect to release firmware to safeguard other products against this vulnerability. Customers should be aware that the dates given are provisional and could be changed as new developments occur.
For information about AAEON products not covered in this table, please contact AAEON directly.
For more information about Intel Side-Channel Vulnerability, please refer to Intel’s official announcement page.
Thank you for choosing AAEON boards and systems. We appreciate your custom and want to assure you that we will always be committed to delivering secure computing solutions.