When a new type of vulnerability is announced, researchers will pursue all similar roads to eachbody's exhausted. In other words, we have not yet seen the last of new speculative designs utilizing vulnerabilities like Specter and Meltdown. Last week was the Foreshadow variant, where MacStadium customers were protected for a variety of reasons. However, VMware announced potential new effects related to the L1 Terminal Fault – VMM vulnerability. Fortunately, the typical way most users use MacStadium are extremely difficult to exploit. Nevertheless, there are still some MacStadium customers running VMware, should be aware that they can determine the correct answer.
We usually distribute private clouds safely tucked behind firewalls. This means there would be attackers who probably can not even reach your World Cup. Even if customers use the World Cup to compile / test the code for third parties, malicious code will be compiled on the Mac, break out of an iOS simulator, and then try to exploit the vulnerability. Considering most of us do our best to compile clean and pass integration tests, you can see the difficulty it would take for a malicious attacker to exploit this vulnerability successfully.
While we are confident that your data is secure, we still recommend that customers using VMware clouds on MacStadium read the advice to help you determine the answer that best suits your environment. A relevant update and further suggestions are available to correct potential consequences. As long as you run VMware 6.5 or later, you can manually start the update manager, which allows you to use the current update itself. Please note that ESXi updates are generally the responsibility of the customer, but MacStadium would like to offer support and guidance if necessary.
If you do not already subscribe, we strongly recommend that you sign up for the VMware Security Announcements list to keep up to date with relevant issues and fixes. You can register on the list by VMware Security Announcements.