Many Enterprise Mobile Devices Will Never Be Patched Against Meltdown, Spectre

Mark Wilson shares a report from BetaNews: The Meltdown and Spectre bugs have been in the headlines for a couple of weeks now, but it seems the patches are not being installed on handsets. Analysis of more than 100,000 enterprise mobile devices shows that just a tiny percentage of them have been protected against the vulnerabilities -- and some simply may never be protected. Security firm Bridgeway found that just 4 percent of corporate phones and tablets in the UK have been patched against Spectre and Meltdown. Perhaps more worryingly, however, its research also found that nearly a quarter of enterprise mobile devices will never receive a patch because of their age. Organizations are advised to check for the availability of patches for their devices, and to install them as soon as possible. Older devices that will never be patched -- older than Marshmallow, for example -- should be replaced to ensure security, says Bridgeway.

Patching = degrading

[RhettLivingston]

Since installing patched software, I'm suddenly having to charge my phone (pixel) twice a day instead of just at night and the fan on my laptop (quad-core Intel processor / ubuntu 17.10) has been steadily running whereas before I could rarely hear it. It's very annoying.

These "bugs" are going to end up being the biggest windfall processor manufacturers have seen in years. Unless these patches are radically improved, all of these devices are going to need to be replaced much sooner than planned.

For enterprise devices does it matter?

[SuperKendall]

These vulnerabilities only are problems if other software comes to be run on the system that is compromised, and able to target other apps running on the same device...

For most enterprise devices, they aren't going to be having other apps installed. They probably aren't going to be running anything but company apps, the web browser if at all using company web pages. So it hardly matters if this security issue is present.

On top of that, very probably for most mobile devices and especially older ones with little memory, most applications will be pushed out of memory quickly anyway so there's nothing to scan (and again it would have to be running as well because the vulnerabilities only let you see the contents of processor memory to begin).