How do the Meltdown and Spectre vulnerabilities impact Canaries?

There are currently 3 versions of Canaries:

  • Hardware, the physical device

  • Cloud, an Amazon EC2 instance

  • VM, running inside ESXi (or similar)

The good news is that the hardware Canaries, which make up the majority of deployed birds in the field, are based on an ARM architecture which isn't affected by the design flaw which introduced these vulnerabilities.

Cloud based Canaries were patched by Amazon shortly after disclosure, so those are safe as well.

The only exception is the (relatively new) VM-based Canaries. These Canaries live on infrastructure managed by... you!. This means that you need to patch your ESXi according to the VMWare recommendations. (They have provided a knowledge-base article covering the patch).

How do the Meltdown and Spectre vulnerabilities impact the Console?

Your hosted console runs on Amazon EC2, and they have rolled out patches. Your console is not affected by either Spectre or Meltdown.