In response to Intel’s statement today regarding new vulnerabilities, we wanted to share all the information we have to date with our customers and community.
Current information does not suggest that this latest vulnerability, Variant 4, would allow Droplets to gain access to the host hypervisor, or access to other Droplets. We also do not believe that we will need to reboot our entire fleet of hypervisors, as was necessary to mitigate impact from the initial Spectre and Meltdown vulnerabilities. However, there is a remote potential for exploit and we are working with Intel to validate microcode to patch for the vulnerabilities. We are accelerating the fix, but applying these updates takes coordination and time.
Our security and engineering teams are monitoring our hypervisors and following this issue closely. We remain in communication with our contacts at Intel regarding any new developments. The security of our users’ data is one of our highest priorities, and we are ready to take action if and when appropriate. At this time, we strongly recommend ensuring that you have the latest packages from your distributions, and you use the latest browser versions with fixes for Variant 4.
We will update this blog as more information becomes available. In addition to posting here, we will notify customers directly if there is a need to take action.