Security Advice for Meltdown and Spectre Vulnerabilities
Milton Keynes, United Kingdom - January 15, 2018 - Synology® published security advisory Synology-SA-18:01 for Meltdown (CVE-2017-5754) and Spectre (CVE-2017-5753 and CVE-2017-5715) vulnerabilities on January 4 and continues to work with our processor suppliers to incorporate fixes. Since the only way for these vulnerabilities to be exploited is through local malicious programs, Synology has rated the severity level to ‘Moderate'.
Meltdown and Spectre vulnerabilities have affected mainstream processing infrastructures on the market, including most PCs, mobile devices, as well as servers. Under the premise that malicious code can be executed locally, potential attackers stand a chance to bypass security measures to access privileged memory and steal sensitive data. However, since the vulnerabilities were discovered by security researchers, there is no clear indication of any exploitation so far. As of today, Synology has not received any reports of the product being attacked.
Synology suggests the following to protect your system against potential attacks:
Install and execute only trusted applications on your systems
Ensure all DiskStation Manager / Synology Router Manager accounts are known and trusted
Synology continues to develop mitigations for these issues and will release them in the upcoming updates. Please follow Synology Security Advisory page Synology-SA-18:01 for the latest updates.
Synology at a glance
Synology creates network-attached storage, IP surveillance solutions, and network equipment that transform the way users manage data, conduct surveillance, and manage networks in the cloud era. By taking full advantage of the latest technologies, Synology aims to help users centralize data storage and backup, share files on-the-go, implement professional surveillance solutions, and manage networks in reliable and affordable ways. Synology is committed to delivering products with forward-thinking features and the best in class customer services.