Apple has announced that a new speculative execution exploit affecting Intel CPU architecture named Zombieload could affect Mac computers with up to 40 percent drop in performance. The iPhone maker has posted a new document detailing how customers with Macs at heightened risk can enable full mitigation against the vulnerability. It notes that full mitigation is not enabled by default since it comes with big performance decline and might not necessarily serve any purpose in terms of security to an average user.
Watch: OnePlus 7 Pro First Look
According to AppleInsider, several pre-2011 Macs could be vulnerable to security exploits like “ZombieLoad” and Apple says it won’t be able to fix that since Intel is not likely to issue microcode updates. The Cupertino-based company notes that ZombieLoad itself will not affect these machines because of the attack vector used here but Apple won’t be able to fully patch these machines against “speculative execution vulnerabilities”.
These pre-2011 Macs are the ones that are either supported as vintage ones or are capable of running the latest release of macOS Mojave by Apple. “These models may receive security updates in macOS Mojave, High Sierra or Sierra but are unable to support the fixes and mitigation due to a lack of microcode updates from Intel,” Apple said in a statement.
The list of pre-2011 Macs that could be affected by speculative execution vulnerability affecting Intel chips in the future are:
MacBook (13-inch, Late 2009)
MacBook (13-inch, Mid 2010)
MacBook Air (13-inch, Late 2010)
MacBook Air (11-inch, Late 2010)
MacBook Pro (17-inch, Mid 2010)
MacBook Pro (15-inch, Mid 2010)
MacBook Pro (13-inch, Mid 2010)
iMac (21.5-inch, Late 2009)
iMac (27-inch, Late 2009)
iMac (21.5-inch, Mid 2010)
iMac (27-inch, Mid 2010)
Mac mini (Mid 2010)
Mac Pro (Late 2010)
Apple says most users won’t be affected by the “ZombieLoad” vulnerability and recommends using the patches added to the newest version of macOS. However, those who think the basic protection won’t be enough should go for full mitigation, which could result in a decline in performance by as much as 40 percent.
- Internet Explorer: A zero-day security vulnerability allows hackers to steal files from Windows
- WhatsApp vulnerability discovered that lets you bypass Face ID or Touch ID security feature
- iOS 12.1.4 fixes two security vulnerabilities that were ‘exploited in the wild’: Google
- Google Chrome update brings with it a patch for critical zero-day vulnerability