MacRumors
All >
Guides
A12Z vs A12X

Apple in March 2020 introduced new 11- and 12.9-inch iPad Pro models with A12Z processors. Here's how it compares to the A12X.

FaceTime

Everything you might want to know about FaceTime.

How to Group FaceTime

Many people are stuck at home, away from friends and family. Apple's FaceTime can video chat with up to 32 people at once.

How to Clean and Sanitize your iPhone

Washing your hands is only going half way. You should also clean your iPhone regularly.

How to Clean Your Keyboard, Trackpad and Mouse
iOS 13 Battery Tips
iPhone
Night Mode (iPhone 11)
iPhone 11 vs iPhone 11 Pro
iPhone 11 vs iPhone XR
iOS 13: Hidden Features
See more guides
Upcoming
iPhone 12
September 2020

Four new phones in three sizes expected with 5G and new AR capabilities.

iPhone SE 2
Early 2020

Low-cost device similar to iPhone 8 but with upgraded internals such as latest A13 chip.

MacBook Pro
Early 2020

Updated 13-inch model with the redesigned scissor keyboard expected.

AirTags
2020?

Apple is working on a Tile-like Bluetooth tracking device that's designed to be attached to items like keys and wallets for tracking purposes, letting you find them right in the Find My app.

iOS 14
Foldable iPhone
See full product calendar

New 'ZombieLoad' Vulnerability Affects Intel Chips Dating Back to 2011, Apple Released Patch in macOS 10.14.5 [Updated]

Tuesday May 14, 2019 10:42 am PDT by Juli Clover

Security researchers have discovered a new set of vulnerabilities that affect Intel chips dating back to 2011, including the chips that have been used in Apple devices.

As outlined by TechCrunch, "ZombieLoad," as it's being called, consists of four bugs that can allow hackers to exploit the design flaws in the chips to steal sensitive information directly from the processor.


These vulnerabilities are as serious as the Meltdown and Spectre vulnerabilities that were discovered in early 2018 and take advantage of the same speculative execution process, which is designed to speed up data processing and performance.

A white paper shared by notable security researchers (including some who worked on Spectre and Meltdown) offers details on how ZombieLoad functions. [PDF]

While programs normally only see their own data, a malicious program can exploit the fill buffers to get hold of secrets currently processed by other running programs. These secrets can be user-level secrets, such as browser history, website content, user keys, and passwords, or system-level secrets, such as disk encryption keys.

The attack does not only work on personal computers but can also be exploited in the cloud.

ZombieLoad impacts almost every Intel computer dating back to 2011, but AMD and ARM chips are not affected. A demonstration of ZombieLoad was shared on YouTube, displaying how it works to see what you're doing on your computer. While spying on web browsing is demoed, it can also be used for other purposes like stealing passwords.


There have been no reports of hackers taking advantage of the ZombieLoad vulnerabilities at this time, and Intel has released microcode for vulnerable processors. Apple addressed the vulnerability in the macOS Mojave 10.14.5 update that was released yesterday and in security patches for older versions of macOS that were also released yesterday.

Apple has released security updates in macOS Mojave 10.14.5 to protect against speculative execution vulnerabilities in Intel CPUs.
The issues addressed by these security updates do not affect Apple iOS devices or Apple Watch.
Apple previously released security updates to defend against Spectre—a series of speculative execution vulnerabilities affecting devices with ARM-based and Intel CPUs. Intel has disclosed additional Spectre vulnerabilities, called Microarchitectural Data Sampling (MDS), that apply to desktop and notebook computers with Intel CPUs, including all modern Mac computers.

An Apple support document on the ZombieLoad vulnerability provides details for "full mitigation" protection that can be enabled for customers with computers at heightened risk or that run untrusted software on their Macs.

Full mitigation requires using the Terminal app to enable additional CPU instructions and disable hyper-threading processing technology, which is available for macOS Mojave, High Sierra, and Sierra, but not on certain older machines. Apple says full mitigation could reduce performance by up to 40 percent, so most users will not want to enable it.

According to Intel, its microcode updates will have an impact on processor performance, but for the patch that Apple released in macOS Mojave 10.14.5, there was no measurable performance impact. Apple's fix prevents the exploitation of ZombieLoad vulnerabilities via JavaScript in Safari.

An Intel spokesperson told TechCrunch that most patched consumer devices could take a 3 percent performance hit at worst, and as much as 9 percent in a datacenter environment. But, the spokesperson said, it was unlikely to be noticeable in most scenarios.

As mentioned above, customers who enable Apple's full mitigation option will indeed see processor slowdowns because of the need to disable hyper-threading.

One of the researchers who discovered ZombieLoad, Daniel Gruss, told TechCrunch that ZombieLoad is easier to exploit than Spectre, but more difficult than Meltdown, and that it requires a specific set of skills, which means the average person doesn't need to worry.

Update: This article previously said that Apple would release a patch, but it has been updated to clarify that Apple addressed the issue in security updates made available to Mac owners yesterday. Customers running Mojave should update to macOS 10.14.5, while customers running older versions of macOS should install any available security updates.

Top Rated Comments

(View all)
Avatar
Santabean2000
12 months ago
Between all these issues and the delays, I’m just hanging out for A-Series Macs at this point.

Intel to the curb; Windows be damned.
Score: 12 Votes (Like | Disagree)
Avatar
now i see it
12 months ago
A 2010 Mac Mini running El Capitan is looking pretty good right about now
Score: 9 Votes (Like | Disagree)
Avatar
Bustycat
12 months ago

Between all these issues and the delays, I’m just hanging out for A-Series Macs at this point.

Intel to the curb; Windows be damned.

Or Apple should just switch to Ryzen.
Score: 7 Votes (Like | Disagree)
Avatar
cmaier
12 months ago
As a CPU designer who formerly had to compete with Intel and it’s hyperthreading microarchitectures, I am retroactively glad we didn’t go that way. It always seemed like sharing buffers between threads opened up way too many opportunities for mischief unless you put in a lot of extra hardware to zero-out every memory structure between context switches, and that would probably eliminate any speed benefit anyway.
Score: 7 Votes (Like | Disagree)
Avatar
tywebb13
12 months ago

[USER=690974]@tywebb13[/USER]

I am still in HS
Can I please have the direct links for
iTunes Device Support Update
Safari 12.1.1
And the latest
gatekeeper and xprotect

Thanks
Came

http://swcdn.apple.com/content/down...j7tgzg4zzuvn3scnsztzq3dked/MobileDeviceSU.pkg ('http://swcdn.apple.com/content/downloads/09/58/041-62886/gyhsj0r6j7tgzg4zzuvn3scnsztzq3dked/MobileDeviceSU.pkg')

http://swcdn.apple.com/content/down...gsxdj09bat1u4t/Safari12.1.1HighSierraAuto.pkg ('http://swcdn.apple.com/content/downloads/11/43/041-29455/th6as97r3li57d3lz5qwgsxdj09bat1u4t/Safari12.1.1HighSierraAuto.pkg')

http://swcdn.apple.com/content/down...m808sfkhernhm6t03ocg/GatekeeperConfigData.pkg ('http://swcdn.apple.com/content/downloads/01/50/041-56834/gxlfpqocbqlortm808sfkhernhm6t03ocg/GatekeeperConfigData.pkg')

http://swcdn.apple.com/content/downloads/35/05/041-59062/l0a9hglm2vcwewfkld5832ivg90gh4xtns/XProtectPlistConfigData.pkg
Score: 4 Votes (Like | Disagree)
Avatar
Duane Martin
12 months ago

Yes, there's a crisis. Update to the version of macOS that will force Notarization on you! Coincidence or inside bug discovery they were waiting on to inform Intel of AFTER they had a reason to force people to update to a version of the OS that can control everything you do....

Interesting. So I am sure several members are wondering "Notarization? Being forced on me? What's that all about?" The implication that Notarization "can control everything you do" is certainly a scary idea.

So, I looked up Notarization ('https://www.macrumors.com/2019/04/08/mac-apps-notarization-macos-10-14-5/') to find out what fresh evil was being forced upon me. Well, according to MacRumors own thread "as of macOS 10.14.5, all new software distributed with a new Developer ID must be notarized in order to run." Or, in other words, new software from new developers must be notarized by Apple for the OS to allow it to run, the idea being this will help identify authentic software NOT DOWNLOADED FROM THE MAC APP STORE from malware. In future versions of the OS all software not from the Mac App Store will have to have notarization from the developer which is supplied by Apple.

So how does this control everything you do? It doesn't. Is it a huge imposition on the Mac users? It's not. Is it terribly inconvenient for developers who don't distribute software through the Mac App Store? Well, it is an added step but not an overly onerous one; I don't think it will put anyone out of business. Will it make your computer more secure? Yes, probably, for awhile at least until this, too, is defeated.

But hey, just because you are paranoid and espouse wild conspiracy theories doesn't mean the government isn't watching everything you do. Keep the faith.
Score: 4 Votes (Like | Disagree)
Read All Comments

Top Stories

Apple Acquires Weather App Dark Sky

Tuesday March 31, 2020 10:22 am PDT by Juli Clover
Apple has acquired weather app Dark Sky, Dark Sky's developers announced today. Dark Sky is one of the most popular weather apps on the App Store, known for its accuracy and storm warnings. Our goal has always been to provide the world with the best weather information possible, to help as many people as we can stay dry and safe, and to do so in a way that respects your privacy. There is no ...
Read Full Article208 comments

Zoom Accused of Misleading Users With 'End-to-End Encryption' Claims Amid Other Security Issues [Updated]

Wednesday April 1, 2020 2:47 am PDT by Tim Hardwick
Zoom is facing fresh scrutiny today following a report that the videoconferencing app's encryption claims are misleading. Zoom states on its website and in its security white paper that the app supports end-to-end encryption, a term that refers to a way of protecting user content so that the company has no access to it whatsoever. However, an investigation by The Intercept reveals that...
Read Full Article69 comments

Case for Upcoming Low-Cost iPhone Shows Up at Best Buy With Alleged April 5 Stock Date

Monday March 30, 2020 4:25 pm PDT by Juli Clover
Apple has a new low-cost iPhone in the works, which is supposed to be launching sometime in the first half of 2020. Given the ongoing situation in the United States and other countries, it's been unclear if the device is going to launch within the planned timeline, but there are signs that it could be coming soon. We started seeing cases for the new low-cost iPhone back in early February,...
Read Full Article118 comments

Bloomberg: Apple's 5G iPhone Still on Schedule for Fall Launch, But Future Products Could Be Delayed

Monday March 30, 2020 2:40 am PDT by Tim Hardwick
Apple's 5G iPhone is still on track to launch within the company's typical annual fall release schedule, according to a new Bloomberg report on filed on Monday. Signs are that Apple's Chinese-centric manufacturing -- of which Hon Hai is the linchpin -- is slowly getting back on track. The next iPhones with 5G wireless capabilities remain on schedule to launch in the fall, partly because mass...
Read Full Article86 comments

Testing Brydge's New Pro+ Keyboard With Trackpad for iPad Pro

Monday March 30, 2020 2:04 pm PDT by Juli Clover
Well ahead of when Apple introduced trackpad support in iOS 13.4, Brydge announced an iPad Pro keyboard with a built-in multi-touch trackpad. We have one of Brydge's new Pro+ keyboards on hand, and thought we'd check it out to see how it works with Apple's new 2020 iPad Pro models. Subscribe to the MacRumors YouTube channel for more videos. The Brydge Pro+ keyboard is similar in design to...
Read Full Article52 comments

Apple's Work on New Upcoming Products Progressing Normally as Employees Adjust to Telecommuting

Monday March 30, 2020 11:58 am PDT by Juli Clover
Apple's development of upcoming products is progressing as usual despite the fact that Apple employees around the world are working from home, according to a new report today out from Bloomberg. Apple is still working on new versions of the HomePod, Apple TV, MacBook Pro, budget iPads, Apple Watch, iPhone, and iMac, all of which could be released "as early as later this year" and have been...
Read Full Article42 comments

Apple Releases ProRes RAW Beta for Windows

Monday March 30, 2020 9:33 am PDT by Juli Clover
Apple today released ProRes RAW for Windows in a beta capacity (via Mark Gurman), with the software designed to allow ProRes RAW and ProRes RAW HQ video files to be watched in compatible applications on Windows machines. According to Apple, the software will let the files be played within several Adobe apps: Adobe After Effects (Beta) Adobe Media Encocder (Beta) Adobe Premiere...
Read Full Article44 comments

Apple Configurator 2 Updated With New Features, Including Support for Restoring Firmware on 2019 Mac Pro

Tuesday March 31, 2020 5:34 am PDT by Joe Rossignol
Apple Configurator 2 has been updated to version 2.12 with several improvements, including support for restoring firmware on the 2019 Mac Pro. The release notes:• Added support for restoring firmware on the 2019 Mac Pro • Allow access to websites using TLS 1.0 and 1.1 • VPN: Configure Provider Designated Requirement for Custom SSL connection type • VPN: Configure network options for ...
Read Full Article9 comments

Seemingly Unreleased Version of Logic Pro X With Live Loops Appears on Apple's Education Site [Updated]

Sunday March 29, 2020 7:23 am PDT by Hartley Charlton
Update: Apple has replaced the Logic Pro X image with an older version. Original story follows. A seemingly unreleased version of Logic Pro X has appeared on Apple's education site, as spotted by a Reddit user. The image from Apple's education products page shows a 16-inch MacBook Pro running Logic Pro X, but with a familiar interface that looks extremely similar to GarageBand's Live Loops ...
Read Full Article64 comments

Apple's 2020 MacBook Air vs. 2020 iPad Pro

Wednesday April 1, 2020 2:45 pm PDT by Juli Clover
Apple in March updated both the MacBook Air and the iPad Pro, and with the iPad Pro increasingly positioned as a computer replacement, we thought we'd compare both new machines to see how they measure up and which one might be a better buy depending on user needs. Subscribe to the MacRumors YouTube channel for more videos. We're comparing the base model 12.9-inch iPad Pro and the base model...
Read Full Article82 comments
Mac RumorsMac Rumors

 

MacRumors attracts a broad audience of both consumers and professionals interested in the latest technologies and products. We also boast an active community focused on purchasing decisions and technical aspects of the iPhone, iPod, iPad, and Mac platforms.

Advertise on MacRumors


Our Staff

Arnold Kim
Editorial Director
EmailTwitter
Eric Slivka
Editor in Chief
EmailTwitter
Juli Clover
Senior Editor
EmailTwitterGoogle+
Joe Rossignol
Editor
EmailTwitter
Marianne Schultz
Editor
EmailTwitter
Dan Barbera
Video Content Producer
EmailTwitter
Mitchel Broussard
Contributing Editor
EmailTwitter
Tim Hardwick
Contributing Writer
EmailTwitter
Chris Jenkins
Contributing Writer
EmailTwitter
Steve Moser
Contributing Writer
EmailTwitter

Links

Touch Arcade
Bullet Hell Shmup ‘Bullet Hell Monday Finale’ From Masayuki Ito Releases This Month on iOS and Android
The “Priest” and “Ghoul” DLCs for ‘Cultist Simulator’ Are Out Now and the Base Game Is Discounted to Celebrate the DLC Launch for a Limited Time
Out Now: ‘Bomb Chicken’, ‘Totally Reliable Delivery Service’, ‘Bleach: Immortal Soul’, ‘Orwell: Keeping an Eye on You’, ‘R.B.I. Baseball 20’, ‘Sagrada’, ‘2 Grind 2 Furious!’, ‘Red and Blue’ and More
SwitchArcade Round-Up: ‘Saints Row IV: Re-Elected’ Review, Mini-Views Featuring ‘Dezatopia’, Today’s New Releases and Sales, and More
The Fantastic ‘GRIS’ Is Now Available on Android as a Premium Release
Wacky Physics-Based Sandbox Game ‘Totally Reliable Delivery Service’ Is Now Available on iOS and Android for Free
‘DOOM’ and ‘DOOM II’ Updates with New Level Pack, Quality of Life Features, Audio Improvements, and More Available Now on All Platforms
Become the Top Dog in the Online Multiplayer Strategy Game ‘Bark Park’ that’s Launching this Week
YouTube
2020 iPad Pro vs MacBook Air - Which Should You Buy?
New Brydge Pro+ Keyboard with Trackpad for iPad Pro!
New Apple Products, Free Final Cut Pro X, iPhone 12 Delays, Apple Retail Stores Reopening and More!
NEW 2020 MacBook Air Hands-On & First Impressions
NEW iPad Pro Hands-On & First Impressions
Copyright © 2000-2020 MacRumors.com, LLC.
Privacy / DMCA contact / Affiliate and FTC Disclosure
[ Featured On/Off ] [ Full Articles On/Off ] [ Fluid | Fluid HD ] [ Auto | Light | Dark ]