advertisement
Forums

The Forum is sponsored by 
 

AAPL stock: Click Here

You are currently viewing the Tips and Deals forum
Speaking of old Macs: Apple lists Macs it can’t patch against ‘ZombieLoad’ exploits
Posted by: Zoidberg
Date: May 17, 2019 12:13PM

Article with links:
[www.cultofmac.com]


Article:

Apple has published a list of Macs that are still vulnerable to “ZombieLoad” exploits because they cannot be patched.

The older machines — all made before 2011 — may receive security updates, Apple says. But a proper fix won’t be available because Intel won’t release the necessary microcode updates.

The ZombieLoad exploit takes advantage of a newly-discovered vulnerability in all Intel processors released since 2011. It allows attackers to acquire sensitive data temporarily stored on the chip.

Fixing the problem is complicated. Apple has already rolled out patches that mitigate the issue, but users who apply a complete fix could suffer a performance decrease of up to 40%.

Some Mac users won’t get a proper fix at all, Apple has warned.

Older Macs still vulnerable to ZombieLoad

A number of Mac models released before 2011 may remain vulnerable to ZombieLoad and similar exploits, Apple has warned. Those include:

  • MacBook (13-inch, Late 2009)
  • MacBook (13-inch, Mid 2010)
  • MacBook Air (13-inch, Late 2010)
  • MacBook Air (11-inch, Late 2010)
  • MacBook Pro (17-inch, Mid 2010)
  • MacBook Pro (15-inch, Mid 2010)
  • MacBook Pro (13-inch, Mid 2010)
  • iMac (21.5-inch, Late 2009)
  • iMac (27-inch, Late 2009)
  • iMac (21.5-inch, Mid 2010)
  • iMac (27-inch, Mid 2010)
  • Mac mini (Mid 2010)
  • Mac Pro (Late 2010)

ZombieLoad itself won’t work on these machines because they use older Intel chips. But they could be vulnerable to similar “speculative execution vulnerabilities,” Apple says, and there’s only so much Cupertino can do about it.

Intel won’t fix older processors

“These models may receive security updates in macOS Mojave, High Sierra or Sierra,” Apple explains in a new support document. But they are “unable to support the fixes and mitigations due to a lack of microcode updates from Intel.”

You shouldn’t be too concerned, though. Even on newer Macs, it’s unlikely ZombieLoad and similar exploits will affect too many users.

But this is another big reason why Apple is rumored to be developing its own chips for the Mac. Relying on third-parties leads to all kinds of problems that Apple often has no control over.



Make it a good day today.
Options:  Reply • Quote
Re: Speaking of old Macs: Apple lists Macs it can’t patch against ‘ZombieLoad’ exploits
Posted by: sekker
Date: May 17, 2019 03:24PM
This impacts my wife's main, daily machine.

I'm not going to make her Mac take a 40% performance hit, even if Apple/Intel were to offer the 'solution'. My wife would wonder whether I'd have lost my mind.

Time to keep my data secure via backups/archives and, eventually, get her a new computer. Will that be a Mac? Not sure.



Edited 1 time(s). Last edit at 05/17/2019 03:25PM by sekker.
Options:  Reply • Quote
Re: Speaking of old Macs: Apple lists Macs it can’t patch against ‘ZombieLoad’ exploits
Posted by: btfc
Date: May 18, 2019 06:57PM
" Furthermore, in its own technical paper on the MDS attacks, Intel also points out other issues with this attack that makes it highly unlikely that Zombieload and its two brethren flaws would ever be used in a real-world scenario:

- These structures are much smaller than the first level data cache (L1D), and therefore hold less data and are overwritten more frequently.
- As with other speculative execution side channels, exploiting these vulnerabilities outside of a laboratory environment is extremely complex relative to other methods that attackers have at their disposal.
- It is also more difficult to use MDS attacks to infer data that is associated with a specific memory address, which may require the malicious actor to collect significant amounts of data to analyze and locate any secret data.
- Only recently accessed data can be leaked with one of these MDS attacks.
- Turning off hyperthreading prevents attacks. "

[www.zdnet.com]
Options:  Reply • Quote
Sorry, only registered users may post in this forum.

Click here to login

Online Users

Guests: 328
Record Number of Users: 52 on November 20, 2014
Record Number of Guests: 2330 on October 25, 2018