The Meltdown and Spectre vulnerabilities were publicly disclosed 3 January.
Synology posted their own security advisory 5 days later on 8 January
listing these vulnerabilities as moderate "because these vulnerabilities
can only be exploited via local malicious programs." As if there were no
ways for "local malicious programs" to ever be installed or injected.
As of 4 February, a month after the initial disclosure, Synology have
yet to release fixes for these vulnerabilities.
I will be mothballing my Synology NAS box as soon as I get a replacement
for it up and running. I have the parts. I just need to assemble and
test them, install an OS, and move the drives.
Discuss mailing list