A new attack, dubbed “ZombieLoad,” was discovered by security researchers, TechCrunch reported today, and it affects all Intel chips dating as far back as 2011. Most of your Macs have been affected by this vulnerability, which Apple fixed with the recent macOS Mojave 10.14.5 software update released yesterday.
This attack lets a rogue party steal your sensitive data and encryption keys while the computer accesses them. AMD and ARM chips are unaffected.
Here’s the technical explanation of how the attack works:
While programs normally only see their own data, a malicious program can exploit the fill buffers to get hold of secrets currently processed by other running programs. These secrets can be user-level secrets, such as browser history, website content, user keys, and passwords or system-level secrets, such as disk encryption keys.
Way more detailed information is available in a white paper.
CPU.fail explains that this attack resurrects your private browsing-history and other sensitive data, allowing private information from other apps to leak, including the operating system itself, any virtual machines running in the cloud and trusted execution environments.
To see ZombieLand in action, watch the video embedded ahead which demonstrates how this ZombieLoad allows an attacker to spy on your web browsing activity. The attack works even if you’re using a privacy-preserving browser like Tor running in a virtual machine.
“Apple has released security updates in macOS Mojave 10.14.5 to protect against speculative execution vulnerabilities in Intel CPUs,” the Cupertino company noted in a support document published on its website today. The fix also prevents the exploitation of ZombieLoad vulnerabilities through JavaScript in Safari.
Another support document explains that multiple information disclosure issues were addressed partially by updating the microcode and changing the OS scheduler to isolate the system from web content running in the browser.
Full protection requires using the Terminal app to enable microcode-based mitigations for all processes by default and disable hyper-threading processing technology. Full mitigation is available for macOS Mojave, High Sierra and Sierra.
Although enabling mitigation protection is recommended to prevent harmful apps from exploiting these vulnerabilities, but doing so could reduce your Mac’s performance by up to as much as 40 percent.
Applying just a software patch without enabling full mitigations, your Mac may take a three percent performance hit at worst and as much as nine percent for computers in a datacenter environment, Intel has said. A software patch is delivered as part of the macOS Mojave 10.14.5 update.
For Macs running High Sierra and Sierra, you would want to install separate security updates. Intel also released microcode updates for vulnerable processors. Older Mac models listed down below cannot support the fixes and mitigations due to a lack of microcode updates from Intel.
- MacBook (13-inch, Late 2009)
- MacBook (13-inch, Mid 2010)
- MacBook Air (13-inch, Late 2010)
- MacBook Air (11-inch, Late 2010)
- MacBook Pro (17-inch, Mid 2010)
- MacBook Pro (15-inch, Mid 2010)
- MacBook Pro (13-inch, Mid 2010)
- iMac (21.5-inch, Late 2009)
- iMac (27-inch, Late 2009)
- iMac (21.5-inch, Mid 2010)
- iMac (27-inch, Mid 2010)
- Mac mini (Mid 2010)
- Mac Pro (Late 2010)
Apple notes that there are no known exploits affecting customers at the time of its writing. The issues addressed by these security updates do not affect Apple iOS devices or Apple Watch, it reads.
Recent Comments