Media5 statement on Meltdown and Spectre vulnerabilities

Last week, a group of researchers published details about a major security flaw, known as Meltdown and Spectre, which affects some Intel and AMD processors, or some processors using ARM cores. Attacks that exploit this bug could allow malicious software to spy deeply into other processes and data on the target computer or smartphone.

Aware of the relevance of the matter, Media5 Corporation has evaluated Meltdown and Spectre vulnerabilities and has determined that Mediatrix gateways, ATAs, and Sentinel are NOT vulnerable.

Impact to Mediatrix customers

Mediatrix platforms do not allow execution of a third party software, therefore they do not run arbitrary code and have no exploitable shell, being therefore non-vulnerable to Meltdown and Spectre.

The Sentinel 400 allows a Virtual Machine (VM) to be installed through a licence mechanism.  Customers making use of a VM licence must make sure the operating system they install on the virtual machine is safe and that the VM itself is protected from any form of malicious attacks.

Impacts for M5T and Media5-fone customers

Other Media5 products that do not allow running non-embedded third party code are also not at risk, i.e.:

  • M5T Sip Client Engine Software Development Kits
  • Media5-fone SoftClients

While the list of third-party embedded libraries required by the M5T Sip Client Engine SDKs is provided to customers along with the software archive, the list of embedded third-party libraries for the Media5-fone SoftClients can be accessed here.

As a general rule, to minimize the potential impact of these vulnerabilities, Media5 recommends Media5-fone customers to take the following action:

  • Install all Windows, Linux, Android, iOS, and Mac OS patches available with the latest updates from appropriate vendors.

References

Intel website – Issues update
Arm website – Security update
Mitre website – Spectre – CVE-2017-5715
Mitre website – Spectre – CVE-2017-5753
Mitre website – Meltdown – CVE-2017-5754

Share :