IT Security - Protecting against the Meltdown and Spectre vulnerabilities
First Posted: Monday 8th January 16:00, Updated: Friday, 12th January, 15:00
IT Services is monitoring the situation with regards to the recently announced Meltdown and Spectre vulnerabilities which apply to nearly all computers, smartphones and tablets. These vulnerabilities take advantage of newly-discovered weaknesses associated with how a device’s processor (CPU) handles data in certain circumstances. There are no known instances of these vulnerabilities being used at present and so the related threat to your data is currently very low.
Vendors such as Microsoft, Apple and Google are gradually making available the required software updates for their products and this news item will be kept up-to-date with the latest information we have for updating various operating systems and apps. Where relevant, as outlined below, we recommend you take action to install the related software updates for your devices as they become available.
- Microsoft Windows, Internet Explorer and Edge
For Windows PCs connected to the wired network in Trinity offices and labs, and to Staff Wi-Fi, no action is required on your part as IT Services will push out the required software updates in the coming days, following successful testing.
For all other Windows PCs, including those connected to the student TCDconnect service, the advice is to first ensure that any anti-virus software you are running has been updated to ensure compatibility with Microsoft’s updates. You will need to check compatibility information on your anti-virus vendor’s website before you run Windows Updates to obtain the January Windows Updates. Until your anti-virus software has been updated the January Windows Updates may not be presented to your PC and so you may not receive the updates required to patch for Meltdown and Spectre, nor any other security updates from Microsoft. For students connected to the TCDconnect service, if you are having difficulties updating your anti-virus software, then the advice would be to uninstall that anti-virus software and instead use Windows Defender, which is supported on the TCDconnect service and is compatible with the January Windows Updates. Please note that the installation or uninstallation of software is carried out at your own risk.
- Apple macOS & Safari – The latest version of macOS High Sierra (10.13.2) includes an initial security update with further supplemental updates being made available and so we advise those using macOS to install the latest updates on their device. Apple has also made available an update for Safari for those using macOS Sierra or El Capitan. Apple will not release updates for earlier versions of macOS, such as Yosemite and Mavericks, as these are no longer supported by Apple – continuing to run these older versions of macOS represents a risk to the security of your data.
- Apple iOS & Safari – iOS 11.2 included an initial security update and further updates are being made available, with the latest version being 11.2.2. We advise users of iPhones and iPads to install related iOS updates as they become available.
- Android – Google has made available an initial update, with further updates to follow. Our advice is to install any software updates made available by your Android smartphone/tablet vendor and to check the vendor’s website for further information.
- Google Chrome – Google will be making available an updated version of Google Chrome on 23rd January and we advise this be installed once available – the Chrome update process is often automatic.
- Mozilla Firefox – The latest version of Firefox includes some related updates and we advise you install this version – the Firefox update process is often automatic.
- Other software – In general the advice is to check your software vendor’s website for information on any security updates that may be required regarding Meltdown and Spectre, and to install these updates once available.