This post was originally published on January 10, 2018.
What are Spectre and Meltdown?
Last week, two major security flaws, dubbed Meltdown and Spectre, were discovered in the CPUs of virtually all computing devices built in the past 20 years. The flaws can be exploited to read and steal sensitive user data, although as of writing there have not been any reported cases of these exploits happening in the wild.
According to the researchers, both Meltdown and Spectre make it possible for malware to access data being stored in memory by other programs, including your sensitive data.
Security updates by ExpressVPN
As of January 10, security patches to mitigate Meltdown for all relevant server operating systems have been made available, and ExpressVPN is already in the process of patching all of its servers. Patches for Spectre will be applied once issued by operating system developers; the risk of this exploit being applied to our servers in the interim is deemed to be minimal, however.
As these security patches are being applied on a rolling basis, we do not expect any impact on the ability of users to connect to ExpressVPN; we will, as ever, be monitoring closely to ensure that this remains the case.
ExpressVPN client apps do not require any updates related to Spectre or Meltdown.
How users can protect themselves
We strongly recommend that you take the following steps to protect yourself:
- Install updates for your antivirus software (on Windows systems, this should be done before installing operating system patches)
- Install any security patches for your operating systems, including on your desktop and laptop computers, phones, and tablets
- Install any firmware updates from the manufacturer of your devices
- Install the latest version of your web browser
- Updates for the above may not be available yet, so be sure to continue checking in the coming days and weeks
If you have any further questions regarding the updates to our servers, please don’t hesitate to contact our 24/7 live chat support.