Archived AnnouncementsBack to Announcements Page

  • Security Update for the Spectre / Meltdown Exploit


    Vulnerability Information
    Spectre and Meltdown represent a new class of side-channel attacks that impact most processors, including processors from Intel, AMD, and ARM. The attack allows malicious userspace processes to read kernel memory and malicious code in guests to read hypervisor memory.  

    Affected Software
    This vulnerability affects multiple components of the Druva Cloud Service for both inSync and Phoenix from our IaaS/PaaS, as well as operating system vendors.

    Mitigation/Resolution
    While the vulnerability is fairly difficult to exploit, Druva is working with its IaaS/PaaS and operating system vendors to accelerate their schedules for delivery of the latest patches to resolve the vulnerability. Once we receive the patches from these vendors, they will immediately go through our vulnerability management process, QA’d, and pushed to our production cloud product instance. 

    Contact
    For any additional information regarding this update, please contact security@druva.com.