ZombieLoad Security Vulnerability affecting all Intel CPUs since 2011
Boffins have discovered yet another security vulnerability to do with computer processors (CPUs) and how they access information. This will affect any personal computer or server using any Intel chip produced since 2011 (i.e. most of them).
Your computer’s CPU needs to access sensitive data and keys. This vulnerability allows an attacker to steal this information as the CPU accesses it. This is due to a flaw in the design of how modern CPUs work.
What does this mean?
The vulnerability could allow an attacker to see tasks being handled by a certain class of Intel CPU. This could allow them to steal secrets, such as browsing history and passwords. It could also expose system level secrets such as disk encryption keys.
Practical things we are doing
We will be contacting clients affected by this to let them know what they (and we) need to do.
Practical things you should do
Make sure you update your operating system (MacOS, Windows, iOS, Android, etc...). Go and check for available updates now and make sure automatic updates are switched on and working if available.
As always, don't install any software, open any email attachments or visit any sites that you don't trust.
All of this is generally good security advice.