Affiliate Disclosure
If you buy through our links, we may get a commission. Read our ethics policy.

'ZombieLoad' vulnerability in Intel processors puts data in danger on Mac

Last updated

Yet another major flaw has been discovered in practically all of Intel's processors released since 2011, with a new class of discovered vulnerabilities that could allow sensitive information to be stolen from the processor, in an issue likened to the Meltdown and Spectre fiasco.

A number of researchers who found the Meltdown and Spectre chip flaws, which affected nearly all iOS and macOS devices, have found more flaws in Intel's processors. The vulnerabilities used problems with the way processors were designed to enable attackers to acquire data temporarily stored on the processor, including sensitive user data being used for tasks.

Some of those researchers have detailed a new side-channel attack called "ZombieLoad," which can potentially pull of the same trick of exploiting design flaws in an Intel processor, reports TechCrunch.

Unlike Meltdown and Spectre, the issue only lies with Intel processors, leaving AMD and ARM chips unaffected. This means that only Macs released since 2011 are at risk of the issue, and iPhones, iPads, and others using A-series processors are fine.

ZombieLoad is named after the "zombie load" used in the attack, namely a large amount of data provided to the processor that it cannot properly process. When encountering the issue, the processor refers to its microcode to prevent a crash.

While in normal cases apps can only see its own data, the flaw means that data can bleed across to other apps, and in the case of ZombieLoad, will leak all data loaded into the processor's core. It isn't clear if exploits are available in the wild, but they would not be "drive-by" attacks, and would have to rely on maliciously coded software to leverage.

A proof of concept attack video shows how the flaw could be abused to monitor websites that a victim is reading. This is also possible despite normal efforts to obfuscate the activity, including using the privacy-focused Tor browser running within a virtual machine.

As virtual machines can be affected, this means the issue also applies to enterprise users who host multiple virtual instances on servers. An attacker would have the opportunity to acquire data from many active virtual machines simultaneously in such cases, making it potentially dangerous.

Intel advised patches to the microcode will fix the issue, clearing buffers so no data could be read. Microcode patches have been created for Intel Xeon, Broadwell, Sandy Bridge, Skylake, and Haswell chips, but processors including Kaby Lake, Coffee Lake, Whiskey Lake, and Cascade Lake chips, and all Atom and Knights variants, are also affected.

Apple has already patched the issue in Safari with no measurable performance hit in its release of macOS Mojave 10.14.5 on Monday. A 40-percent reduction in performance may be experienced by those who elect to apply the full mitigation, as it would involve the disabling of hyper-threading, though most users may wish to avoid going down this route.

"The Mojave patch from Monday has robust protections for MDS vulnerabilities. If users feel that they are at a high-risk for related attacks, we've enabled the ability to turn off hyper-threading in total in Mojave, Sierra, or High Sierra," a source within Apple corporate not authorized to speak on behalf of the company told AppleInsider. "There are no 'in the wild' exploits at this time for macOS, and we aren't expecting any."

Apple does advise that there are some models that are not able to include the fixes due to a lack of microcode updates from Intel. The list of unsupported Mac models largely consists of MacBook, MacBook Air, MacBook Pro, iMac, Mac Pro, and Mac mini models released between 2009 and 2010.