Spectre and Meltdown Recommended Actions for Unify Products and Servers
Unify products operate as closed systems, where only approved software is active. This dramatically reduces the risk of the Spectre & Meltdown vulnerabilities to a low level where we can recommend that proactive patching of the operating systems, to mitigate risks associated with Spectre & Meltdown, is not necessary and not recommended at this point.
When Unify products are operating in a virtual environment, installing the CPU patches for the hypervisor (e.g. ESXi) is recommended. This will protect the Unify product from any malicious code that may be active on a separate virtual machine on the same host.
Desktops and workstations that run Unify clients should be patched against these vulnerabilities to ensure that no other applications running on the same machine have access to sensitive information used by our clients. This is particularly important for systems used to administer our products as high privileged credentials might be in use. No noticeable performance issues are expected for Unify clients.
We are actively testing the available operating system patches and will include them in future releases of our products, along with details of any performance impact caused by these patches. This will ensure compatibility with future operating systems patches while providing for ongoing performance and stability. We will update our vulnerability advisory with additional details as new information becomes available.
Unify advisories are published here: https://unify.com/en/security-advisories