Tue 09 January 2018 By Brendan
You have undoubtedly heard talk of the CPU microarchitecture vulnerabilities recently disclosed by Google Project Zero: Meltdown and Spectre, which affect the vast majority of modern processors. CriticalBlue’s CTO, Richard Taylor, recently published a blog which outlines the vulnerabilities, the attacks, and the solutions. Both of these vulnerabilities have potential exploits which steal sensitive data — the largest implication for cloud services clearly being the broken isolation between virtual machines in cloud platforms.
The Approov platform lives in a combination of Amazon Web Services and Google Cloud Platform. As soon as kernel patches were available, both of these vendors patched their hosts and hypervisors to protect their customers — including us — from Meltdown attacks. At the same time, we began work to test the stability of the update amidst widespread reports of cloud services struggling after upgrading to the patched kernel. For your convenience, the Amazon Web Services bulletin can be found here and the Google Cloud Platform can be found here.
We will continue to monitor the stability and security of these patches in the coming weeks and will update you if necessary. If you have any questions, please contact support at firstname.lastname@example.org — we are happy to answer any questions you may have.
Update: Since there was so much speculation about the performance impact of these patches, we have been keeping a very close eye on things. Good news is that we have not seen any measurable latency increase for requests to our service, so customers are unaffected, this is despite seeing the CPU load on our AWS EC2 instances increase by around 17%.