As widely reported, security researchers have released information about two major bugs found in nearly all CPUs. Meltdown, affecting Intel processors, and Spectre, affecting Intel, AMD and ARM processors, are security flaws that could give applications access to protected kernel memory data. Security is a high priority for us at MacStadium, and our team is actively monitoring reports and information regarding these bugs.
Because MacStadium provides dedicated infrastructure, the risk to our customers is somewhat diminished vs. public cloud providers. However, customers should take necessary precautions as they see fit. We encourage MacStadium customers to install the appropriate patches as provided by Apple and/or VMware as they are released. Sources have suggested that Apple has partially fixed the problem with the December release of macOS High Sierra 10.13.2, and more changes are expected in 10.13.3.
Our engineering team will be evaluating and testing the reliability of patches as they are released by manufacturers. Based on the results, we will publish best practice guides for those wishing to patch their hosts. Follow our blog and community forum for updates.
VMWARE UPDATE (1/8/18)
Below are links to VMware instructions for patching. The MacStadium engineering team has reviewed these and sample tested the instructions.
For patching ESXi hosts via CLI, users can download patches here based on their specific ESXi version:
This video explains how to patch the hosts:
v.6.5 has an update manager already built-in, which simplifies the process vs. the manual CLI patching. See https://kb.vmware.com/s/article/2151099 for more information.