Skip to main content

Almost all Macs since 2011 affected by new ‘ZombieLoad’ Intel chip vulnerability, patch included in macOS 10.14.5

Intel has detailed today that four new exploits named ZombieLoad make almost every chip it has made since 2011 vulnerable to attacks. ZombieLoad has some similarities to the Meltdown and Spectre bugs we saw last year. Apple has already patched the vulnerabilities with yesterday’s macOS 10.14.5 update.

As reported by TechCrunch, security researchers have discovered what they are calling a new class of vulnerabilities in Intel chips going back to 2011 and can also be used against virtual machines. As described by CPU.fail, here’s how the attack works:

The ZombieLoad attack resurrects your private browsing-history and other sensitive data. It allows to leak information from other applications, the operating system, virtual machines in the cloud and trusted execution environments.

Like Spectre and Meltdown, ZombieLoad attacks leverage weaknesses in speculative execution and some of the same security researchers who discovered Meltdown and Spectre reported the new ZombieLoad vulnerabilities to Intel.

“ZombieLoad,” as it’s called, is a side-channel attack targeting Intel chips, allowing hackers to effectively exploit design flaws rather than injecting malicious code. Intel said ZombieLoad is made up of four bugs, which the researchers reported to the chip maker just a month ago.

One of the researchers, Daniel Gruss, told TC that these are advanced attacks, sitting in difficulty between Spectre and Meltdown to execute.

These are far from drive-by exploits where an attacker can take over your computer in an instant. Gruss said it was “easier than Spectre” but “more difficult than Meltdown” to exploit — and both required a specific set of skills and effort to use in an attack.

There haven’t been any publicly known examples of ZombieLoad being used maliciously, but it’s still a good idea to update your Mac’s software. Intel already released microcode updates and Apple has implemented them in yesterday’s macOS 10.14.5 update. Apple also has High Sierra and Sierra security updates for ZombieLoad as well.

Intel did say that performance may take a minor hit of up 3%, but that most users won’t notice any changes with the patches installed. Datacenters, on the other hand, could see performance drop as much as 9%.

Read more about ZombieLoad in TechCrunch’s post here.

FTC: We use income earning auto affiliate links. More.

You’re reading 9to5Mac — experts who break news about Apple and its surrounding ecosystem, day after day. Be sure to check out our homepage for all the latest news, and follow 9to5Mac on Twitter, Facebook, and LinkedIn to stay in the loop. Don’t know where to start? Check out our exclusive stories, reviews, how-tos, and subscribe to our YouTube channel

Check out 9to5Mac on YouTube for more Apple news:

Comments

Author

Avatar for Michael Potuck Michael Potuck

Michael is an editor for 9to5Mac. Since joining in 2016 he has written more than 3,000 articles including breaking news, reviews, and detailed comparisons and tutorials.