Night mode is an automatic setting which takes advantage of the new wide-angle camera that's in the iPhone 11 and 11 Pro models. It's equipped with a larger sensor that is able to let in more light, allowing for brighter photos when the light is low.
16" MacBook Pro Now Available
New 'ZombieLoad' Vulnerability Affects Intel Chips Dating Back to 2011, Apple Released Patch in macOS 10.14.5 [Updated]
Security researchers have discovered a new set of vulnerabilities that affect Intel chips dating back to 2011, including the chips that have been used in Apple devices.
As outlined by TechCrunch, "ZombieLoad," as it's being called, consists of four bugs that can allow hackers to exploit the design flaws in the chips to steal sensitive information directly from the processor.
These vulnerabilities are as serious as the Meltdown and Spectre vulnerabilities that were discovered in early 2018 and take advantage of the same speculative execution process, which is designed to speed up data processing and performance.
A white paper shared by notable security researchers (including some who worked on Spectre and Meltdown) offers details on how ZombieLoad functions. [PDF]
There have been no reports of hackers taking advantage of the ZombieLoad vulnerabilities at this time, and Intel has released microcode for vulnerable processors. Apple addressed the vulnerability in the macOS Mojave 10.14.5 update that was released yesterday and in security patches for older versions of macOS that were also released yesterday.
Full mitigation requires using the Terminal app to enable additional CPU instructions and disable hyper-threading processing technology, which is available for macOS Mojave, High Sierra, and Sierra, but not on certain older machines. Apple says full mitigation could reduce performance by up to 40 percent, so most users will not want to enable it.
According to Intel, its microcode updates will have an impact on processor performance, but for the patch that Apple released in macOS Mojave 10.14.5, there was no measurable performance impact. Apple's fix prevents the exploitation of ZombieLoad vulnerabilities via JavaScript in Safari.
One of the researchers who discovered ZombieLoad, Daniel Gruss, told TechCrunch that ZombieLoad is easier to exploit than Spectre, but more difficult than Meltdown, and that it requires a specific set of skills, which means the average person doesn't need to worry.
Update: This article previously said that Apple would release a patch, but it has been updated to clarify that Apple addressed the issue in security updates made available to Mac owners yesterday. Customers running Mojave should update to macOS 10.14.5, while customers running older versions of macOS should install any available security updates.
As outlined by TechCrunch, "ZombieLoad," as it's being called, consists of four bugs that can allow hackers to exploit the design flaws in the chips to steal sensitive information directly from the processor.
These vulnerabilities are as serious as the Meltdown and Spectre vulnerabilities that were discovered in early 2018 and take advantage of the same speculative execution process, which is designed to speed up data processing and performance.
A white paper shared by notable security researchers (including some who worked on Spectre and Meltdown) offers details on how ZombieLoad functions. [PDF]
While programs normally only see their own data, a malicious program can exploit the fill buffers to get hold of secrets currently processed by other running programs. These secrets can be user-level secrets, such as browser history, website content, user keys, and passwords, or system-level secrets, such as disk encryption keys.ZombieLoad impacts almost every Intel computer dating back to 2011, but AMD and ARM chips are not affected. A demonstration of ZombieLoad was shared on YouTube, displaying how it works to see what you're doing on your computer. While spying on web browsing is demoed, it can also be used for other purposes like stealing passwords.
The attack does not only work on personal computers but can also be exploited in the cloud.
There have been no reports of hackers taking advantage of the ZombieLoad vulnerabilities at this time, and Intel has released microcode for vulnerable processors. Apple addressed the vulnerability in the macOS Mojave 10.14.5 update that was released yesterday and in security patches for older versions of macOS that were also released yesterday.
Apple has released security updates in macOS Mojave 10.14.5 to protect against speculative execution vulnerabilities in Intel CPUs.An Apple support document on the ZombieLoad vulnerability provides details for "full mitigation" protection that can be enabled for customers with computers at heightened risk or that run untrusted software on their Macs.
The issues addressed by these security updates do not affect Apple iOS devices or Apple Watch.
Apple previously released security updates to defend against Spectre—a series of speculative execution vulnerabilities affecting devices with ARM-based and Intel CPUs. Intel has disclosed additional Spectre vulnerabilities, called Microarchitectural Data Sampling (MDS), that apply to desktop and notebook computers with Intel CPUs, including all modern Mac computers.
Full mitigation requires using the Terminal app to enable additional CPU instructions and disable hyper-threading processing technology, which is available for macOS Mojave, High Sierra, and Sierra, but not on certain older machines. Apple says full mitigation could reduce performance by up to 40 percent, so most users will not want to enable it.
According to Intel, its microcode updates will have an impact on processor performance, but for the patch that Apple released in macOS Mojave 10.14.5, there was no measurable performance impact. Apple's fix prevents the exploitation of ZombieLoad vulnerabilities via JavaScript in Safari.
An Intel spokesperson told TechCrunch that most patched consumer devices could take a 3 percent performance hit at worst, and as much as 9 percent in a datacenter environment. But, the spokesperson said, it was unlikely to be noticeable in most scenarios.As mentioned above, customers who enable Apple's full mitigation option will indeed see processor slowdowns because of the need to disable hyper-threading.
One of the researchers who discovered ZombieLoad, Daniel Gruss, told TechCrunch that ZombieLoad is easier to exploit than Spectre, but more difficult than Meltdown, and that it requires a specific set of skills, which means the average person doesn't need to worry.
Update: This article previously said that Apple would release a patch, but it has been updated to clarify that Apple addressed the issue in security updates made available to Mac owners yesterday. Customers running Mojave should update to macOS 10.14.5, while customers running older versions of macOS should install any available security updates.
[ 86 comments ]
Top Rated Comments
(View all)
27 weeks ago
Between all these issues and the delays, I’m just hanging out for A-Series Macs at this point.
Intel to the curb; Windows be damned.
Intel to the curb; Windows be damned.
27 weeks ago
Between all these issues and the delays, I’m just hanging out for A-Series Macs at this point.
Intel to the curb; Windows be damned.
27 weeks ago
As a CPU designer who formerly had to compete with Intel and it’s hyperthreading microarchitectures, I am retroactively glad we didn’t go that way. It always seemed like sharing buffers between threads opened up way too many opportunities for mischief unless you put in a lot of extra hardware to zero-out every memory structure between context switches, and that would probably eliminate any speed benefit anyway.
27 weeks ago
[USER=690974]@tywebb13[/USER]
I am still in HS
Can I please have the direct links for
iTunes Device Support Update
Safari 12.1.1
And the latest
gatekeeper and xprotect
Thanks
Came
http://swcdn.apple.com/content/down...j7tgzg4zzuvn3scnsztzq3dked/MobileDeviceSU.pkg ('http://swcdn.apple.com/content/downloads/09/58/041-62886/gyhsj0r6j7tgzg4zzuvn3scnsztzq3dked/MobileDeviceSU.pkg')
http://swcdn.apple.com/content/down...gsxdj09bat1u4t/Safari12.1.1HighSierraAuto.pkg ('http://swcdn.apple.com/content/downloads/11/43/041-29455/th6as97r3li57d3lz5qwgsxdj09bat1u4t/Safari12.1.1HighSierraAuto.pkg')
http://swcdn.apple.com/content/down...m808sfkhernhm6t03ocg/GatekeeperConfigData.pkg ('http://swcdn.apple.com/content/downloads/01/50/041-56834/gxlfpqocbqlortm808sfkhernhm6t03ocg/GatekeeperConfigData.pkg')
http://swcdn.apple.com/content/downloads/35/05/041-59062/l0a9hglm2vcwewfkld5832ivg90gh4xtns/XProtectPlistConfigData.pkg
27 weeks ago
Yes, there's a crisis. Update to the version of macOS that will force Notarization on you! Coincidence or inside bug discovery they were waiting on to inform Intel of AFTER they had a reason to force people to update to a version of the OS that can control everything you do....
Interesting. So I am sure several members are wondering "Notarization? Being forced on me? What's that all about?" The implication that Notarization "can control everything you do" is certainly a scary idea.So, I looked up Notarization ('https://www.macrumors.com/2019/04/08/mac-apps-notarization-macos-10-14-5/') to find out what fresh evil was being forced upon me. Well, according to MacRumors own thread "as of macOS 10.14.5, all new software distributed with a new Developer ID must be notarized in order to run." Or, in other words, new software from new developers must be notarized by Apple for the OS to allow it to run, the idea being this will help identify authentic software NOT DOWNLOADED FROM THE MAC APP STORE from malware. In future versions of the OS all software not from the Mac App Store will have to have notarization from the developer which is supplied by Apple.
So how does this control everything you do? It doesn't. Is it a huge imposition on the Mac users? It's not. Is it terribly inconvenient for developers who don't distribute software through the Mac App Store? Well, it is an added step but not an overly onerous one; I don't think it will put anyone out of business. Will it make your computer more secure? Yes, probably, for awhile at least until this, too, is defeated.
But hey, just because you are paranoid and espouse wild conspiracy theories doesn't mean the government isn't watching everything you do. Keep the faith.
27 weeks ago
My next hardware build will be AMD. Their Zen 2 is just looking way too sweet and only looks better as more issues with Intel pops up. (Then let’s consider the cost.)
27 weeks ago
This is a **** show.
We got Meltdown, Spectre, ForeShadow and now this. I still remember there were lots of warning and questions over Intel's SMT ( Hyperthreading ) when it arrive and they promised everything were FUD.
By 2019 Xmas, when 10nm arrive on shelf we would be 5 years since Intel launched their 14nm, which was already a year / 6-8 months late depending on how you view it. That is assuming they haven't lie again with 10nm as they have been all the way along.
They purchased Infineon in 2010 and completed the deal in early 2011, for 5 - 8 years all they had was the pile of crap to show in iPhone 7, iPhone 8 and now iPhone XR...
Right now I really wish I have nothing to do with Intel. I don't want an iPhone or any Apple products to have a single dollar worth of material going to Intel.
For backward compatibility reason I still wish Mac would stick to x86, and would be nice if they use Ryzen or EPYC for Mac.
We got Meltdown, Spectre, ForeShadow and now this. I still remember there were lots of warning and questions over Intel's SMT ( Hyperthreading ) when it arrive and they promised everything were FUD.
By 2019 Xmas, when 10nm arrive on shelf we would be 5 years since Intel launched their 14nm, which was already a year / 6-8 months late depending on how you view it. That is assuming they haven't lie again with 10nm as they have been all the way along.
They purchased Infineon in 2010 and completed the deal in early 2011, for 5 - 8 years all they had was the pile of crap to show in iPhone 7, iPhone 8 and now iPhone XR...
Right now I really wish I have nothing to do with Intel. I don't want an iPhone or any Apple products to have a single dollar worth of material going to Intel.
For backward compatibility reason I still wish Mac would stick to x86, and would be nice if they use Ryzen or EPYC for Mac.
27 weeks ago
Or Apple should just switch to Ryzen.
I don’t want apple to be dependent on any company. Their A series chips are really best of the best, I’m sure they can make a great PC chip as well.[ Read All Comments ]
The biggest Apple news of this week was obviously the launch of the new 16-inch MacBook Pro, which debuted on Wednesday with a new "Magic Keyboard" and some other nice upgrades.
Other...
For this week's giveaway, we've teamed up with BluShark to offer MacRumors readers a chance to win a high-quality leather band designed for the Apple Watch.
BluShark makes a whole range...
In an ongoing effort to keep track of upcoming (and current) Black Friday sales, we've begun highlighting the biggest and best discounts offered by major retailers. Last week we started with Best...
A trio of retailers have begun discounting Apple's just-released 16-inch MacBook Pro, including Best Buy, Amazon, and Adorama. These sales follow discounts offered by Expercom, which are deeper...
As outlined in an Apple support document, the new 16-inch MacBook Pro features an adjustable refresh rate.
For professional workflows such as video editing, for example, Apple notes that you can...
Two weeks after Apple TV+ debuted, Apple today greenlit a new drama series called "Slow Horses" for its streaming service. The show is based on a book series of the same name by author Mick...
Apple today sent out emails highlighting its newest Apple Pay promo, which offers customers a 75 percent discount off of all cards purchased through Snapfish.
Snapfish is a photo site that...
Following the release of iOS 13.2.2 on November 7, Apple has stopped signing iOS 13.2, which means downgrading to iOS 13.2 is no longer possible.
iOS 13.2 was a major update that brought support...
