Ometria runs on Amazon Web Services (AWS). Soon after the disclosure (4th January 2018), AWS issued an update to all running server hosts in their data centres and these patches were automatically applied by our systems. Therefore we believe our systems to be protected against this attack. We will continue to monitor this issue and will continue to automatically apply system updates as needed.
It’s important to stress that the vulnerabilities disclosed are theoretical, and the steps required to actively exploit them are hugely complex. Given the complexity of exploiting them, the short time between disclosure and security updates being applied, it is highly unlikely they were utilised in any way. Also, it’s important to note that all Software as a Service (SAAS) providers are similarly affected, as this issue affects the CPUs used in the majority of servers worldwide.
It’s also worth noting that individual computers and mobile phones may also be vulnerable, although to a lesser degree, therefore it’s worth making sure that any systems you or your team use to access sensitive information are fully up to date. Specifically you should:
- Update your operating systems with the latest patches. Mac OS X will release a fix shortly. Windows has released an update.
- Update your browsers. Browsers are continually releasing new features and updates. As a best practice, you should enable automatic updates on your browser.