Oracle is the latest firm to patch its systems against the Spectre and Meltdown CPU flaws.
Spectre and Meltdown are design flaws in modern processors that could allow attackers to bypass system protections on a wide range of devices and read sensitive information, such as passwords, from memory.
Among the 237 fixes in Oracle's Critical Patch Update for January are fixes for both Spectre and Meltdown.
"Oracle therefore strongly recommends that customers remain on actively-supported versions and apply Critical Patch Update fixes without delay," Oracle says in a security advisory on its site.
The patches are designed to mitigate exploits for both Spectre vulnerabilities — bounds check bypass and branch target injection — and the Meltdown rogue data cache vulnerability.
According to Oracle support documents, the Spectre vulnerability affects certain systems running on Oracle's Solaris OS on SPARCv9 processors. Patches to help guard against these attacks will be rolled out to firms with Oracle's Premier or Extended Support.
While the Meltdown flaw doesn't affect SPARCv9 processors, Oracle has issued a patch against this flaw for its x86-based systems, alongside new Intel microcode to mitigate Spectre branch target injection attacks.
"Application of firmware patches to pick up the Intel microcode is required only for Oracle x86 servers using non Oracle OS and Virtualization software," says Oracle in its security notice.
"Oracle OS and Oracle VM patches for CVE-2017-5715 will include updated Intel microcode."
Both Intel and Google have released patches to mitigate against the Spectre branch target injection vulnerability, with Microsoft reporting that microcode fixes can cause considerable performance issues on older CPUs.
While tech firms have been preparing updates to mitigate the Spectre and Meltdown flaws for months, details of the vulnerabilities leaked out early.
In the rush to issue patches there have been various instances of Spectre and Meltdown updates causing problems of their own.
Microsoft recently said that Windows PCs won't receive any further security updates until third-party AV software is verified as compatible with Windows patches for Spectre and Meltdown.
Last week Intel admitted that PCs and servers with older Broadwell- and Haswell-era processors were experiencing unexpected reboots after applying firmware updates designed to address Meltdown and Spectre. Chipmaker AMD has also been working with Microsoft to resolve problems after patches caused PCs running on some older AMD Opteron, Athlon and AMD Turion X2 Ultra processors to refuse to boot.
Nick Heath is chief reporter for TechRepublic. He writes about the technology that IT decision makers need to know about, and the latest happenings in the European tech scene.