5:15pm, 8 January 2018
TLP Rating:
Vulnerabilities in computer processors
Researchers have found several vulnerabilities in computer processors which may allow attackers to extract information from affected systems, including passwords and other sensitive data. These are called Meltdown and Spectre.
CERT NZ is not aware of any active attacks using these vulnerabilities, however we strongly recommend you protect yourself with the advice provided below as soon as practicable.
What's happening
Systems affected
It's safest to work on the basis that all systems may be affected, due to the complex nature of the vulnerabilities. Hardware vulnerabilities may affect any device, such as:
- computers
- smart phones
- tablets
- routers, and
- smart devices such as TVs.
Processors from Intel, AMD, and ARM are confirmed to be affected.
What this means
All computers and devices, such as cell phones, need to be updated. Updates protect against attacks which use vulnerabilities like these to steal sensitive information such as passwords.
What to look for
How to tell if you're at risk
The majority of devices are affected, as most devices use a processor from Intel, AMD, or ARM.
What to do
Mitigation
Make sure all software on all your devices is up to date. Some updates have already been released, and more are expected to be released over the coming weeks and months.
In particular, ensure your operating system and browser are updated. If you have a device which is no longer receiving updates, you should consider upgrading or replacing it, to ensure you can get the latest security updates.
CERT NZ’s advice on end-of-life devices
Updates have been issued (or will soon be issued) for:
- Windows
- MacOS
- Linux
- Android
- Chrome browser and
- Firefox.
More information
If you require more information or further support, submit a report on our website or contact us on 0800 CERTNZ.
The technical details of these vulnerabilities can be found at meltdownattack.com External Link
and spectreattack.com External Link .