Almost All Macs Since 2011 Affected By New Zombieload Intel Chip Vulnerability Patch Included In Macos 10 14 5

Intel has detailed today that four new exploits named ZombieLoad make almost every chip it has made since 2011 vulnerable to attacks. ZombieLoad has some similarities to the Meltdown and Spectre bugs we saw last year. Apple has already patched the vulnerabilities with yesterday’s macOS 10.14.5 update.

As reported by TechCrunch, security researchers have discovered what they are calling a new class of vulnerabilities in Intel chips going back to 2011 and can also be used against virtual machines. As described by CPU.fail, here’s how the attack works:

Like Spectre and Meltdown, ZombieLoad attacks leverage weaknesses in speculative execution and some of the same security researchers who discovered Meltdown and Spectre reported the new ZombieLoad vulnerabilities to Intel.

One of the researchers, Daniel Gruss, told TC that these are advanced attacks, sitting in difficulty between Spectre and Meltdown to execute.

There haven’t been any publicly known examples of ZombieLoad being used maliciously, but it’s still a good idea to update your Mac’s software. Intel already released microcode updates and Apple has implemented them in yesterday’s macOS 10.14.5 update. Apple also has High Sierra and Sierra security updates for ZombieLoad as well.

Intel did say that performance may take a minor hit of up 3%, but that most users won’t notice any changes with the patches installed. Datacenters, on the other hand, could see performance drop as much as 9%.

Read more about ZombieLoad in TechCrunch’s post here.