Apple says pre-2011 Macs may not be patched against vulnerabilities similar to Zombie

[welcomewiki]

Apple has announced that a new speculative execution exploit affecting Intel CPU architecture named Zombieload could affect Mac computers with up to 40 percent drop in performance. The iPhone maker has posted a new document detailing how customers with Macs at heightened risk can enable full mitigation against the vulnerability. It notes that full mitigation is not enabled by default since it comes with big performance decline and might not necessarily serve any purpose in terms of security to an average user.

In its tests, Apple says it recorded up to 40 percent drop in performance after full mitigation was activated. It explains that such a huge drop in performance can be owed to enabling MDS protection, which disables hyper-threading entirely. Apple says that macOS 10.14.5 includes the most important and relevant security patches and is capable of preventing JavaScript exploits through Safari. Almost all Macs released since 2011 are affected by ZombieLoad and while Apple has released critical fix with minor decline in performance, some Macs may not be patched for future vulnerabilities similar to ZombieLoad.

Watch: OnePlus 7 Pro First Look

.embed-container { position: relative; padding-bottom: 56.25%; height: 0; overflow: hidden; max-width: 100%; } .embed-container iframe, .embed-container object, .embed-container embed { position: absolute; top: 0; left: 0; width: 100%; height: 100%; }
According to AppleInsider, several pre-2011 Macs could be vulnerable to security exploits like “ZombieLoad” and Apple says it won’t be able to fix that since Intel is not likely to issue microcode updates. The Cupertino-based company notes that ZombieLoad itself will not affect these machines because of the attack vector used here but Apple won’t be able to fully patch these machines against “speculative execution vulnerabilities”.

These pre-2011 Macs are the ones that are either supported as vintage ones or are capable of running the latest release of macOS Mojave by Apple. “These models may receive security updates in macOS Mojave, High Sierra or Sierra but are unable to support the fixes and mitigation due to a lack of microcode updates from Intel,” Apple said in a statement.

Also Read

Apple to bring iPhone features to macOS at WWDC in June

The list of pre-2011 Macs that could be affected by speculative execution vulnerability affecting Intel chips in the future are:

MacBook (13-inch, Late 2009)
MacBook (13-inch, Mid 2010)
MacBook Air (13-inch, Late 2010)
MacBook Air (11-inch, Late 2010)
MacBook Pro (17-inch, Mid 2010)
MacBook Pro (15-inch, Mid 2010)
MacBook Pro (13-inch, Mid 2010)
iMac (21.5-inch, Late 2009)
iMac (27-inch, Late 2009)
iMac (21.5-inch, Mid 2010)
iMac (27-inch, Mid 2010)
Mac mini (Mid 2010)
Mac Pro (Late 2010)

Apple says most users won’t be affected by the “ZombieLoad” vulnerability and recommends using the patches added to the newest version of macOS. However, those who think the basic protection won’t be enough should go for full mitigation, which could result in a decline in performance by as much as 40 percent.



More...

Similar Threads:

• 1976 - 2011 : Pics: Apple's milestones and product launches
• I patched up with Naitik ji
• Top 10 Application Security Vulnerabilities in Web.config Files – Part One
• Top 10 Application Security Vulnerabilities in Web.config Files: Part Two
• No more fights on Arre Deewano...Rakhi and Gulshan patched up