ZombieLoad Security Vulnerability affecting all Intel CPUs since 2011

By Matt,

May 2019

Web Dev
Boffins have discovered yet another security vulnerability to do with computer processors (CPUs) and how they access information. This will affect any personal computer or server using any Intel chip produced since 2011 (i.e. most of them).

What's this

Your computer’s CPU needs to access sensitive data and keys. This vulnerability allows an attacker to steal this information as the CPU accesses it. This is due to a flaw in the design of how modern CPUs work.

What does this mean?

The vulnerability could allow an attacker to see tasks being handled by a certain class of Intel CPU. This could allow them to steal secrets, such as browsing history and passwords. It could also expose system level secrets such as disk encryption keys.

Practical things we are doing

We will be contacting clients affected by this to let them know what they (and we) need to do.

Practical things you should do

Make sure you update your operating system (MacOS, Windows, iOS, Android, etc...). Go and check for available updates now and make sure automatic updates are switched on and working if available.

As always, don't install any software, open any email attachments or visit any sites that you don't trust.

All of this is generally good security advice.

Further reading