Got a tip for us?
Let us know
Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.
Intel ZombieLoad with old 17" Macbook Pro
- Thread starter Fmello
- Start date
- Sort by reaction score
Couple ideas:
1. Get Mojave running on it, and then wait for Apple to patch it (the vulnerability) via software.
http://dosdude1.com/mojave/
2. Switch to a Linux distribution that will have a kernel included that contains the relevant software patch.
Option 1 is almost like hackintoshing to me. In fact, it's too much like it for my taste so I'd avoid that and probably just run Linux on it from now on, but that's me. You might be ok with it.
Yeah, don't worry about it. That attack is very difficult to pull off in reality. Too many stars need to align and the attacker needs to know exactly what they are attacking.
The only way to protect yourself AFAIK, is to disable hyperthreading. I believe you can do that using the xcode tools. I did a bit of googling and it seems you can disable hyperthreading with one of the tools. I don't know if that's version specific.
For once I agree with @leman as this not an easy vulnerability to exploit and cost in performance may be significant. Personally I've killed all updates until the dust settles and will deal with them manually, as last thing I want is to go from 12 threads to 6 due to over reaction, especially if implemented in firmware...
Q-6
Last edited:
Going from 12 to 6 hardware threads is is a much smaller performance hit than going from 12 to 6 cores.
True, equally until I can gauge the impact it's staying as is. Also considering moving to AMD's platform with 8 cores and 16 threads, as sooner or later the updates will catch up one way or the other...
Q-6
ZombieLoad is one of 3 recently disclosed vulnerabilities that Intel has classified as "Microarchitectural Data Sampling" (MDS) vulnerabilities. ZombieLoad is the most recognized simply because of it's name. It appears that to mitigate these vulnerabilities, you need to patch both the microcode somewhere in the Intel chips (the CPU and support chips) and the OS. So it's not clear (to me, at least) which of the 3 vulnerabilities require mitigations in the microcode, the OS or both.
The 2010 MBP does not have microcode mitigations. Right now, it's more likely that it will not get microcode mitigations. But you can never tell.
https://support.apple.com/en-us/HT210107
https://www.intel.com/content/dam/w...A00233-microcode-update-guidance_05132019.pdf
Only Mojave has the OS mitigations to MDS.
There are easier ways to hack a computer than MDS. With MDS, the attacker has to hope that it can glean useful data from the computer in essence by listening in on other conversations (which may only be partially understandable) that are going on. If I'm an attacker, that's a pretty stupid to approach stealing data - why not just out and out steal data or listen to the network port and send it back?
Apple has posted information on how to enable full mitigation (for those computers whose microcode has been updated). But I think the article has problems with it. One poster in the MacBook Pro forum reports that their 2018 i9 computer (2 of them) shuts down in the middle of the night (sleeping or not was not mentioned) after they followed these instructions. So one has to weigh cost and benefits.
The 2010 MBP does not have microcode mitigations. Right now, it's more likely that it will not get microcode mitigations. But you can never tell.
https://support.apple.com/en-us/HT210107
https://www.intel.com/content/dam/w...A00233-microcode-update-guidance_05132019.pdf
Only Mojave has the OS mitigations to MDS.
There are easier ways to hack a computer than MDS. With MDS, the attacker has to hope that it can glean useful data from the computer in essence by listening in on other conversations (which may only be partially understandable) that are going on. If I'm an attacker, that's a pretty stupid to approach stealing data - why not just out and out steal data or listen to the network port and send it back?
Apple has posted information on how to enable full mitigation (for those computers whose microcode has been updated). But I think the article has problems with it. One poster in the MacBook Pro forum reports that their 2018 i9 computer (2 of them) shuts down in the middle of the night (sleeping or not was not mentioned) after they followed these instructions. So one has to weigh cost and benefits.
Waiting to see how the OEM's react, equally not planning on disabling Hyperthreading, although will likely look at bolstering other security measures.
Q-6
Intel has a list of it's CPU's which are affected and I provided the link in my post #11:
https://www.intel.com/content/dam/w...A00233-microcode-update-guidance_05132019.pdf
The CPU's in all 3 models of 17" 2010 MBP's (i5-540M, i7-620M, i7-640M) are listed by Intel as affected with no planned microcode updates. As such, Apple is not updating Sierra or High Sierra to include the OS mitigations that Intel has sent out to Microsoft, Apple, the Linux folks, etc.
But please read what I had in my post #11:
"There are easier ways to hack a computer than MDS. With MDS, the attacker has to hope that it can glean useful data from the computer in essence by listening in on other conversations (which may only be partially understandable) that are going on. If I'm an attacker, that's a pretty stupid to approach stealing data - why not just out and out steal data or listen to the network port and send it back?"
Because of the way this attack is carried out, you need to worry more about where your personal data travels on the web. If your personal data is on a shared computer (using affected Intel CPU's), even though it is held by a trusted source, there may be some other entity which is sharing the computer which knowingly or not "listens" in on other processing going on because hyperthreading is enabled on the computer and because mitigations haven't been carried out. Large companies like Amazon, etc. have their own data centers and it's unlikely they share computers with customer data with other companies. Also, they are a large service provider so they provide hosting services for many organizations and individuals (I use them) and they almost certainly have carried out mitigations both on their internal and their hosting computers. But what about smaller hosting companies and the companies which use them? Do you know if they are as careful? Do you even know everywhere your personal data travels? I certainly don't. This, by far, is a greater risk to you than MDS (ZombieLoad, etc.) on your 2010 MBP. (Please note that no known instance of this type of attack has occurred, either on personal computers or data centers.)
Last edited: