A new class of security vulnerabilities, named Meltdown and Spectre, became public knowledge in early January 2018. Phoenix has been working closely with industry partners to quickly deliver patches to computing device manufacturers to protect against these new security vulnerabilities.
Phoenix’s firmware is not vulnerable to Meltdown and Spectre. Rather, attackers can use innovative new methods that exploit techniques used by Intel, AMD, and ARM to improve performance of their processors. By employing Meltdown/Spectre tactics, an attacker could potentially steal secrets, such as passwords and credit card information, which would normally be hidden by operating system protections.
While some aspects of these vulnerabilities can be mitigated with software patches, other aspects
require a patch for the processor itself, called a microcode update. Microcode updates are incorporated into the UEFI firmware. Phoenix is working closely with Intel and AMD to deliver firmware with the relevant microcode updates to our valued customers and authorized distributors as those updates are made available to us.
For end users, Phoenix recommends applying all software patches, including those provided for Operating Systems and Web Browsers, and firmware updates provided by your computing device manufacturer.
CVE-2017-5715, CVE-2017-5753, CVE-2017-5754