Update [January 10, 2017]: New patch information for Meltdown and browser mitigation information for Spectre added.
Note: Open Telekom Cloud customers refer to T-Systems' announcement here.
Two security vulnerabilities (composed of three variants CVE-2017-5753, CVE-2017-5715, CVE-2017-5754) known as Meltdown and Spectre were reported on January 2 and 3, 2018. These vulnerabilities are specific to Intel, AMD, and ARM processors, and thus impact most organizations, including those using cloud service providers.
Patches for Meltdown have now been published for most major operating systems, including Linux, Windows, and Mac OS. Intel has also released microcode patches for Linux. OneLogin is actively working on getting systems patched accordingly.
Our principal cloud service provider, AWS, has completed patching their infrastructure.
Unfortunately, there are currently no known patches for Spectre, but mitigations are available for Chrome (optional), Safari (version 11.0.2), and Firefox (version 57.0.4). Please note, these are mitigations and don't completely remove the risk of a Spectre based attack.