Acronis Responds, Protects Users from Spectre and Meltdown
New security research has been made public revealing the Meltdown (CVE-2017-5754) and Spectre (CVE-2017-5753 and CVE-2017-5715) vulnerabilities in modern processors. These vulnerabilities allow programs to break the isolation between applications, which means malicious applications could access the memory of another program running on the same machine. (For a detailed attack description, please visit https://spectreattack.com/ or https://meltdownattack.com/.)
It is important to note that these vulnerabilities can only be exploited locally, meaning a malicious actor must be able to run code on the system in order to exploit these vulnerabilities.
Acronis is committed to ensuring the confidentiality, privacy, integrity, and availability of our customers and their data. That is why our team has taken immediate steps to ensure that no Acronis customer is exposed to these vulnerabilities.
Specifically, we have patched the majority of infrastructure systems used in Acronis Cloud (e.g. Backup, Disaster Recovery and Files Cloud) to address these vulnerabilities. All other relevant systems will be patched as soon as the operating system vendor releases a patch. We have not observed a meaningful performance impact for any Acronis Cloud services since the update was made.
Although these vulnerabilities do not directly impact any on-premise Acronis products, you should consult with your operating systems vendor for updates and instructions, as needed.
Acronis will continue to communicate any new, relevant information here, as it is available. If you have any additional questions, please contact our Technical Support Team.