As previously noted in this article, design issues in Intel® and other processors could allow access to protected kernel memory areas. The issues, referred to as Meltdown and Spectre, appear to affect most processors produced since 1995, regardless of the OS that's running (Windows®, macOS®, or Linux®). For more information about the Meltdown and Spectre vulnerabilities, see this article as well as the official CVEs: CVE-2017-5715, CVE-2017-5753, and CVE-2017-5754.
Vidyo takes security very seriously, and we have been treating this issue with the utmost priority. As you may be aware, Intel recalled their microcode update for Spectre due to various issues. This had an effect on our update testing. However, we continue to make headway and are publishing this updated article to keep you informed of our progress. Here is the current status:
- Cloud services: Our cloud providers are currently patching their infrastructure to mitigate the issues. As with the rest of the industry, they are pulling in patches as they are delivered by the various stakeholders.
- Server-based products: Vidyo server-based products are not directly vulnerable since these products only execute trusted code from Vidyo. However, since all new kernels will contain these fixes, we are testing a patched kernel that addresses these vulnerabilities without adversely affecting performance. An update is currently in QA and will be released once it passes testing.
- Endpoints: To mitigate the issues, Vidyo endpoints require an updated OS. Vidyo is currently testing our endpoints on the various platforms to determine the potential performance impact.
- VidyoRoom™ Systems: VidyoRoom systems run only trusted code from Vidyo and are not at risk from either Meltdown or Spectre.