New 'ZombieLoad' Vulnerability Affects Intel Chips Dating Back to 2011, Apple Released Patch in macOS 10.14.5 [Updated]

Security researchers have discovered a new set of vulnerabilities that affect Intel chips dating back to 2011, including the chips that have been used in Apple devices.

As outlined by TechCrunch, "ZombieLoad," as it's being called, consists of four bugs that can allow hackers to exploit the design flaws in the chips to steal sensitive information directly from the processor.

zombieload
These vulnerabilities are as serious as the Meltdown and Spectre vulnerabilities that were discovered in early 2018 and take advantage of the same speculative execution process, which is designed to speed up data processing and performance.

A white paper shared by notable security researchers (including some who worked on Spectre and Meltdown) offers details on how ZombieLoad functions. [PDF]

While programs normally only see their own data, a malicious program can exploit the fill buffers to get hold of secrets currently processed by other running programs. These secrets can be user-level secrets, such as browser history, website content, user keys, and passwords, or system-level secrets, such as disk encryption keys.

The attack does not only work on personal computers but can also be exploited in the cloud.

ZombieLoad impacts almost every Intel computer dating back to 2011, but AMD and ARM chips are not affected. A demonstration of ZombieLoad was shared on YouTube, displaying how it works to see what you're doing on your computer. While spying on web browsing is demoed, it can also be used for other purposes like stealing passwords.


There have been no reports of hackers taking advantage of the ZombieLoad vulnerabilities at this time, and Intel has released microcode for vulnerable processors. Apple addressed the vulnerability in the macOS Mojave 10.14.5 update that was released yesterday and in security patches for older versions of macOS that were also released yesterday.

Apple has released security updates in macOS Mojave 10.14.5 to protect against speculative execution vulnerabilities in Intel CPUs.
The issues addressed by these security updates do not affect Apple iOS devices or Apple Watch.
Apple previously released security updates to defend against Spectre—a series of speculative execution vulnerabilities affecting devices with ARM-based and Intel CPUs. Intel has disclosed additional Spectre vulnerabilities, called Microarchitectural Data Sampling (MDS), that apply to desktop and notebook computers with Intel CPUs, including all modern Mac computers.

An Apple support document on the ZombieLoad vulnerability provides details for "full mitigation" protection that can be enabled for customers with computers at heightened risk or that run untrusted software on their Macs.

Full mitigation requires using the Terminal app to enable additional CPU instructions and disable hyper-threading processing technology, which is available for macOS Mojave, High Sierra, and Sierra, but not on certain older machines. Apple says full mitigation could reduce performance by up to 40 percent, so most users will not want to enable it.

According to Intel, its microcode updates will have an impact on processor performance, but for the patch that Apple released in macOS Mojave 10.14.5, there was no measurable performance impact. Apple's fix prevents the exploitation of ZombieLoad vulnerabilities via JavaScript in Safari.

An Intel spokesperson told TechCrunch that most patched consumer devices could take a 3 percent performance hit at worst, and as much as 9 percent in a datacenter environment. But, the spokesperson said, it was unlikely to be noticeable in most scenarios.

As mentioned above, customers who enable Apple's full mitigation option will indeed see processor slowdowns because of the need to disable hyper-threading.

One of the researchers who discovered ZombieLoad, Daniel Gruss, told TechCrunch that ZombieLoad is easier to exploit than Spectre, but more difficult than Meltdown, and that it requires a specific set of skills, which means the average person doesn't need to worry.

Update: This article previously said that Apple would release a patch, but it has been updated to clarify that Apple addressed the issue in security updates made available to Mac owners yesterday. Customers running Mojave should update to macOS 10.14.5, while customers running older versions of macOS should install any available security updates.

Top Rated Comments

Santabean2000 Avatar
29 months ago
Between all these issues and the delays, I’m just hanging out for A-Series Macs at this point.

Intel to the curb; Windows be damned.
Score: 12 Votes (Like | Disagree)
now i see it Avatar
29 months ago
A 2010 Mac Mini running El Capitan is looking pretty good right about now
Score: 9 Votes (Like | Disagree)
Bustycat Avatar
29 months ago
Between all these issues and the delays, I’m just hanging out for A-Series Macs at this point.

Intel to the curb; Windows be damned.
Or Apple should just switch to Ryzen.
Score: 7 Votes (Like | Disagree)
cmaier Avatar
29 months ago
As a CPU designer who formerly had to compete with Intel and it’s hyperthreading microarchitectures, I am retroactively glad we didn’t go that way. It always seemed like sharing buffers between threads opened up way too many opportunities for mischief unless you put in a lot of extra hardware to zero-out every memory structure between context switches, and that would probably eliminate any speed benefit anyway.
Score: 7 Votes (Like | Disagree)
tywebb13 Avatar
29 months ago
[USER=690974]@tywebb13[/USER]

I am still in HS
Can I please have the direct links for
iTunes Device Support Update
Safari 12.1.1
And the latest
gatekeeper and xprotect

Thanks
Came
http://swcdn.apple.com/content/down...j7tgzg4zzuvn3scnsztzq3dked/MobileDeviceSU.pkg ('http://swcdn.apple.com/content/downloads/09/58/041-62886/gyhsj0r6j7tgzg4zzuvn3scnsztzq3dked/MobileDeviceSU.pkg')

http://swcdn.apple.com/content/down...gsxdj09bat1u4t/Safari12.1.1HighSierraAuto.pkg ('http://swcdn.apple.com/content/downloads/11/43/041-29455/th6as97r3li57d3lz5qwgsxdj09bat1u4t/Safari12.1.1HighSierraAuto.pkg')

http://swcdn.apple.com/content/down...m808sfkhernhm6t03ocg/GatekeeperConfigData.pkg ('http://swcdn.apple.com/content/downloads/01/50/041-56834/gxlfpqocbqlortm808sfkhernhm6t03ocg/GatekeeperConfigData.pkg')

http://swcdn.apple.com/content/downloads/35/05/041-59062/l0a9hglm2vcwewfkld5832ivg90gh4xtns/XProtectPlistConfigData.pkg
Score: 4 Votes (Like | Disagree)
Duane Martin Avatar
29 months ago
Yes, there's a crisis. Update to the version of macOS that will force Notarization on you! Coincidence or inside bug discovery they were waiting on to inform Intel of AFTER they had a reason to force people to update to a version of the OS that can control everything you do....
Interesting. So I am sure several members are wondering "Notarization? Being forced on me? What's that all about?" The implication that Notarization "can control everything you do" is certainly a scary idea.

So, I looked up Notarization ('https://www.macrumors.com/2019/04/08/mac-apps-notarization-macos-10-14-5/') to find out what fresh evil was being forced upon me. Well, according to MacRumors own thread "as of macOS 10.14.5, all new software distributed with a new Developer ID must be notarized in order to run." Or, in other words, new software from new developers must be notarized by Apple for the OS to allow it to run, the idea being this will help identify authentic software NOT DOWNLOADED FROM THE MAC APP STORE from malware. In future versions of the OS all software not from the Mac App Store will have to have notarization from the developer which is supplied by Apple.

So how does this control everything you do? It doesn't. Is it a huge imposition on the Mac users? It's not. Is it terribly inconvenient for developers who don't distribute software through the Mac App Store? Well, it is an added step but not an overly onerous one; I don't think it will put anyone out of business. Will it make your computer more secure? Yes, probably, for awhile at least until this, too, is defeated.

But hey, just because you are paranoid and espouse wild conspiracy theories doesn't mean the government isn't watching everything you do. Keep the faith.
Score: 4 Votes (Like | Disagree)

Top Stories

Pro Display XDR Yella

Apple Working on External Display With Built-In A13 Chip

Friday July 23, 2021 9:37 am PDT by
Apple is developing an external display that includes an A13 chip with Neural Engine, according to a new rumor from 9to5Mac. The A13 chip with Neural Engine would presumably serve as an eGPU, though details are light at this time. Having a CPU/GPU built into the external display could help Macs deliver high-resolution graphics without using all the resources of the computer's internal chip....
airpods 3 gizmochina Feature

AirPods 3 Rumored to Launch Alongside iPhone 13 at Expected September Event

Friday July 23, 2021 12:54 am PDT by
The third-generation AirPods will likely launch at the same event revealing Apple's upcoming iPhone 13 lineup, according to a report from DigiTimes, which makes the claim citing sources familiar with the matter. The report as a whole echoes previous reporting that production of the third-generation AirPods will kickstart in August, meaning a launch shortly after can be easily expected. DigiTi...
discount m1 macbook yellow

Deals: Shop Record Low Prices Across Apple's Full MacBook Pro and MacBook Air Lineup (Up to $499 Off)

Friday July 23, 2021 8:23 am PDT by
Apple's MacBook Pro and MacBook Air lineup is seeing all-time low discounts across the board today, including the 2019 16-inch MacBook Pro, 2020 13-inch MacBook Air, and 2020 13-inch MacBook Pro. Note: MacRumors is an affiliate partner with some of these vendors. When you click a link and make a purchase, we may receive a small payment, which helps us keep the site running. 13-Inch M1...
iPad mini pro feature

Next iPad Mini Won't Feature Mini-LED Display, Claims Display Analyst

Friday July 23, 2021 8:07 am PDT by
Yesterday, DigiTimes claimed that the upcoming iPad mini will feature a mini-LED display, but now, display analyst Ross Young is going at odds with that report, claiming that while the updated iPad mini continues to be on track for a release this year, it won't feature a mini-LED display. Young says he "confirmed" with Radiant Opto-Electronics, who DigiTimes claims would provide Apple with...
idos 2 app ios

Apple to Pull 'iDOS 2' DOS Emulator From App Store

Thursday July 22, 2021 3:22 pm PDT by
iDOS 2, an app designed to allow users to play classic DOS games, will soon be pulled from the App Store, the app's creator said today. According to iDOS developer Chaoji Li, he tried to submit an iDOS update with bug fixes to the App Store, but was told that the update was rejected because it violated the 2.5.2 App Store guideline that says apps cannot install or launch executable code.Durin...
m1 macbook air

Kuo: Mini-LED MacBook Air Coming in Mid-2022

Thursday July 22, 2021 7:48 pm PDT by
Apple will release a new version of the MacBook Air around the middle of 2022, Apple analyst Ming-Chi Kuo said today in note to investors seen by MacRumors. The upcoming MacBook Air will feature a 13.3-inch mini-LED display, which would make it the second Mac to gain mini-LED technology after the 2021 MacBook Pro, which is rumored to include a mini-LED display and is expected to launch later ...
iphone12cameras

iPhone Helps to Identify Rare Form of Cancer

Friday July 23, 2021 4:00 am PDT by
A photo taken on an iPhone has helped to identify a rare form of cancer, according to news reports. A mother of three from Gainesville, Florida took a photo of her three-month-old son using her iPhone and its True Tone flash, which highlighted an abnormality in his right eye. The boy's mother, a labor and delivery nurse, recalled learning about retinoblastoma during her training....
iphone 13 blue with text

iPhone 13 May Support 25W Fast Charge Power Adapter

Friday July 23, 2021 2:52 am PDT by
The iPhone 13 may support faster-charging speeds with a 25W power adapter, compared to the current limitation of the iPhone 12, which only supports fast charging at up to 20W, according to a rumor originating from China. The iPhone 12 supports fast charging with a 20W or higher power adapter; however, even if users use a more powerful wall adapter, the iPhone itself only supports up to 20W....
iPad mini pro feature

Next-Generation iPad Mini Will Reportedly Feature a Mini-LED Display

Thursday July 22, 2021 9:03 am PDT by
Apple is widely rumored to be planning a new iPad mini with a significant redesign, including a larger 8.5-inch to 9-inch display with slimmer bezels, a Touch ID power button instead of a home button, a USB-C port instead of a Lightning connector, and more. According to a paywalled preview of a DigiTimes report today, the sixth-generation iPad mini will also feature a mini-LED display:BLU...
magsafe battery pack iphone 12 mini

Top Stories: Hands-On With MagSafe Battery Pack, iPhone 13 Always-On Display?

Saturday July 24, 2021 6:00 am PDT by
Apple's new MagSafe Battery Pack is now available, and we went hands-on this week for some early impressions of the new accessory to get more battery life out of Apple's iPhone 12 lineup. Subscribe to the MacRumors YouTube channel for more videos. This week also saw a number of rumors about the upcoming redesigned MacBook Pro models, the iPhone 13 lineup, the next-generation iPad mini, a new...