Disclaimer

The new DPC website is currently under construction. Our latest guidance in relation to GDPR, which comes into effect on 25th May, 2018, can be found at gdprandyou.ie and via pages on this website starting with "NEW" as per the navigation pane on the left. All other material on this site relates to the previous legislative regime under the Data Protection Acts 1988-2003 ("the Acts"). While the Acts may continue to apply in some circumstances, as of 25th May, 2018 the GDPR is the primary piece of legislation governing data protection.

Data Protection Commission

"Meltdown" and "Spectre" Guidance

 
There has been extensive media reporting in recent days concerning a software “bug” or “flaw” in computer processors supplied by a number of hardware manufacturers, including Intel. Dubbed “Meltdown” and “Spectre”, the software “bug” or “flaw” may allow unauthorised access to devices such as personal computers, servers, tablets and mobile devices. Further information can be found at https://spectreattack.com/
 
Microsoft, along with other operating system providers such as Apple, Google and Amazon are aware of this vulnerability and we understand that they have/are already taking steps to mitigate the risks involved.
 
Further manufacturer specific information is available below:
 
Intel
Microsoft
Amazon
ARM
Google
Mitre
Red Hat
Suse
Apple
 
 
 
Recommendations
 
In terms of end-users, it is advisable to check updates from device and software vendors in relation to what actions they are taking to mitigate the risks involved.
 
Data Controllers should check with their operating system providers/cloud providers/system manufacturers regarding this vulnerability and apply any security, software and hardware patches when available.
 
To fully mitigate the risks associated with this vulnerability, Data Controllers will need to check that their hardware firmware is also up to date. Hardware firmware updates are generally available on the manufacturer’s website and further information is available in the above links.
 
Data Controllers should also ensure that they have regular, consistent and comprehensive patch management procedures in place. Where possible, before installing the very latest patches, it is good practice to install software/hardware patches within a test environment to ensure that these patches will function correctly within a live environment and do not cause further potential issues.