What's this
Your computer’s CPU needs to access sensitive data and keys. This vulnerability allows an attacker to steal this information as the CPU accesses it. This is due to a flaw in the design of how modern CPUs work.
What does this mean?
The vulnerability could allow an attacker to see tasks being handled by a certain class of Intel CPU. This could allow them to steal secrets, such as browsing history and passwords. It could also expose system level secrets such as disk encryption keys.
Practical things we are doing
We will be contacting clients affected by this to let them know what they (and we) need to do.
Practical things you should do
Make sure you update your operating system (MacOS, Windows, iOS, Android, etc...). Go and check for available updates now and make sure automatic updates are switched on and working if available.
As always, don't install any software, open any email attachments or visit any sites that you don't trust.
All of this is generally good security advice.
Further reading
- The ZombieLoad site has some pretty good info and FAQs
- TechCrunch has a good write up in (fairly) plain english
- BBC News story. Even Aunty is reporting on this stuff now
- Apple has released an update to MacOS
