comscore
News

Apple says pre-2011 Macs may not be patched against vulnerabilities similar to ZombieLoad in future

Apple says several pre-2011 Macs may not be patched against speculative execution vulnerabilities similar to ZombieLoad in the future.

  • Published: May 17, 2019 2:26 PM IST
Apple MacBook Air 2018 (11)

Apple has announced that a new speculative execution exploit affecting Intel CPU architecture named Zombieload could affect Mac computers with up to 40 percent drop in performance. The iPhone maker has posted a new document detailing how customers with Macs at heightened risk can enable full mitigation against the vulnerability. It notes that full mitigation is not enabled by default since it comes with big performance decline and might not necessarily serve any purpose in terms of security to an average user.

In its tests, Apple says it recorded up to 40 percent drop in performance after full mitigation was activated. It explains that such a huge drop in performance can be owed to enabling MDS protection, which disables hyper-threading entirely. Apple says that macOS 10.14.5 includes the most important and relevant security patches and is capable of preventing JavaScript exploits through Safari. Almost all Macs released since 2011 are affected by ZombieLoad and while Apple has released critical fix with minor decline in performance, some Macs may not be patched for future vulnerabilities similar to ZombieLoad.

Watch: OnePlus 7 Pro First Look

According to AppleInsider, several pre-2011 Macs could be vulnerable to security exploits like “ZombieLoad” and Apple says it won’t be able to fix that since Intel is not likely to issue microcode updates. The Cupertino-based company notes that ZombieLoad itself will not affect these machines because of the attack vector used here but Apple won’t be able to fully patch these machines against “speculative execution vulnerabilities”.

These pre-2011 Macs are the ones that are either supported as vintage ones or are capable of running the latest release of macOS Mojave by Apple. “These models may receive security updates in macOS Mojave, High Sierra or Sierra but are unable to support the fixes and mitigation due to a lack of microcode updates from Intel,” Apple said in a statement.

The list of pre-2011 Macs that could be affected by speculative execution vulnerability affecting Intel chips in the future are:

MacBook (13-inch, Late 2009)
MacBook (13-inch, Mid 2010)
MacBook Air (13-inch, Late 2010)
MacBook Air (11-inch, Late 2010)
MacBook Pro (17-inch, Mid 2010)
MacBook Pro (15-inch, Mid 2010)
MacBook Pro (13-inch, Mid 2010)
iMac (21.5-inch, Late 2009)
iMac (27-inch, Late 2009)
iMac (21.5-inch, Mid 2010)
iMac (27-inch, Mid 2010)
Mac mini (Mid 2010)
Mac Pro (Late 2010)

Apple says most users won’t be affected by the “ZombieLoad” vulnerability and recommends using the patches added to the newest version of macOS. However, those who think the basic protection won’t be enough should go for full mitigation, which could result in a decline in performance by as much as 40 percent.

  • Published Date: May 17, 2019 2:26 PM IST