As a best practice, after applying the updates, we recommend that you update your LastPass master password and your most important passwords (email, financial, social media, and medical) to mitigate the risk of these vulnerabilities.Īs always, we encourage users to follow general best practices for online security such as: We’ll continue to provide updates to our users as warranted.Īt minimum, immediately apply updates when they become available. We are actively tracking this issue and are patching systems as applicable updates become available. Due to our zero-knowledge security model, in which LastPass does not receive the master password, passwords and other sensitive data stored in the encrypted vault should remain safe. When it comes to Meltdown, LastPass infrastructure is heavily fortified, protected by many layers as detailed in our technical whitepaper. We are actively monitoring for updates by chip makers and operating system providers and applying applicable patches to our own machines as they become available, and recommend users do the same.įor either vulnerability, malicious intent would need to occur for them to be exploited. As of now, this is known to affect Intel, AMD and ARM processors. Spectre impacts a larger number of systems and is harder to mitigate, but is also harder to exploit. The Spectre bug breaks the isolation between different applications, which may potentially allow an attacker, under a limited set of circumstances, to access unauthorized data. As of now, this is known to affect Intel processors. For an attacker to even be able take advantage of this vulnerability, he/she must first find an opportunity to run malicious code on the targeted system. Anyone running an unpatched operating system may be at risk. The Meltdown bug may allow programs to access computer memory that they would normally not be allowed to access. In summary, we are updating LastPass systems with the latest applicable and available patches and advise our customers to do the same while continuing to practice smart cyber hygiene. Now known as “Meltdown” and “Spectre,” these bugs affect most central processing units (CPUs), and therefore, many computer users. On Wednesday, January 3 rd, two security bugs were observed by the security community.
0 kommentar(er)
