Jan 8, 2018 - CERTNZ advises that researchers have found multiple vulnerabilities in computer processors which may allow attackers to extract information from affected systems, including passwords and other sensitive data.
The technical details of these vulnerabilities can be found at meltdownattack.com and spectreattack.com.
CERT NZ is not currently aware of any attacks that are actively exploiting these vulnerabilities, however we strongly recommend you protect yourself with the advice provided below as soon as practicable.
What's happening
Systems affected - Processors from Intel, AMD, and ARM have been confirmed to be affected. Due to the complex nature of the vulnerabilities, it is safest to work on the basis that all systems may be affected. As this is a hardware vulnerability, this may affect any device, from computers to smart phones, tablets, routers, and smart devices such as TVs.
What this means
All computers and personal devices such as cell phones will need to be updated to protect against attacks which use these vulnerabilities to steal sensitive information such as passwords
What to look for | How to tell if you're at risk
If you are using a device which uses a processor from Intel, AMD, or ARM - you may be at risk. This represents the vast majority of end user devices.
What to do
Mitigation - Ensure that all software on all your devices is up to date. Some updates have been released, and more are expected to be released over the coming weeks and months as manufacturers and vendors respond to these vulnerabilities.
In particular, ensure your operating system and browser are updated. If you have a device which is no longer receiving updates, you should consider upgrading or replacing it, to ensure you can get the latest security updates.
CERT NZ’s advice on End-of-Life Devices - Updates have been issued (or will soon be issued) for Windows, macOS, Linux, Android, Chrome browser and Firefox. A more comprehensive list may be found at https://www.us-cert.gov/ncas/alerts/TA18-004A External Link .
More information
If you require more information or further support, submit a report on the CERTNZ website or contact them on 0800 CERTNZ.
| A CERTNZ release || January 8, 2018 |||