Several pre-2011 Macs could still be vulnerable to “ZombieLoad” has some similarities to the Meltdown and Spectre bugs we saw last year. Apple has already patched the vulnerabilities with yesterday’s macOS 10.14.5 update.
As reported by TechCrunch, security researchers have discovered what they are calling a new class of vulnerabilities in Intel chips going back to 2011 and can also be used against virtual machines. As described by CPU.fail, here’s how the attack works:
The ZombieLoad attack resurrects your private browsing-history and other sensitive data. It allows to leak information from other applications, the operating system, virtual machines in the cloud and trusted execution environments.
There haven’t been any publicly known examples of ZombieLoad being used maliciously, but it’s still a good idea to update your Mac’s software. Intel already released microcode updates.
The full list of these older Macs which are still supported by Apple as ‘vintage’ machines, or are capable of running Mojave, the latest version of macOS is as follows:
- MacBook (13-inch, Late 2009)
- MacBook (13-inch, Mid 2010)
- MacBook Air (13-inch, Late 2010)
- MacBook Air (11-inch, Late 2010)
- MacBook Pro (17-inch, Mid 2010)
- MacBook Pro (15-inch, Mid 2010)
- MacBook Pro (13-inch, Mid 2010)
- iMac (21.5-inch, Late 2009)
- iMac (27-inch, Late 2009)
- iMac (21.5-inch, Mid 2010)
- iMac (27-inch, Mid 2010)
- Mac mini (Mid 2010)
- Mac Pro (Late 2010)
Intel did say that performance may take a minor hit of up 3%, but that most users won’t notice any changes with the patches installed. Datacenters, on the other hand, could see performance drop as much as 9%.