Intel ZombieLoad with old 17" MacBook Pro

Discussion in 'MacBook Pro' started by Fmello, May 25, 2019.

  1. Fmello macrumors member

    Fmello

    Joined:
    Apr 19, 2016
    Location:
    Wisconsin
    #1
    I have an old 17" MacBook Pro (mid 2010), is it vulnerable to Intel ZombieLoad and other hyper-threading exploits?
     
  2. Fmello thread starter macrumors member

    Fmello

    Joined:
    Apr 19, 2016
    Location:
    Wisconsin
    #3
    Anything I can do to protect myself from that vulnerability? I think Apple End-of-Lifed that model a couple years ago.
     
  3. duervo macrumors 68020

    duervo

    Joined:
    Feb 5, 2011
    #4
    Couple ideas:

    1. Get Mojave running on it, and then wait for Apple to patch it (the vulnerability) via software.

    http://dosdude1.com/mojave/

    2. Switch to a Linux distribution that will have a kernel included that contains the relevant software patch.

    Option 1 is almost like hackintoshing to me. In fact, it's too much like it for my taste so I'd avoid that and probably just run Linux on it from now on, but that's me. You might be ok with it.
     
  4. venom600 macrumors 6502a

    Joined:
    Mar 23, 2003
    Location:
    Los Angeles, CA
    #5
    Option 3: install Windows 10 and keep it updated.
     
  5. leman macrumors G3

    Joined:
    Oct 14, 2008
    #6
    Yeah, don't worry about it. That attack is very difficult to pull off in reality. Too many stars need to align and the attacker needs to know exactly what they are attacking.
     
  6. maflynn Moderator

    maflynn

    Staff Member

    Joined:
    May 3, 2009
    Location:
    Boston
    #7
    The only way to protect yourself, AFAIK, is to disable hyperthreading. I believe you can do that using the Xcode tools. I did a bit of googling and it seems you can disable hyperthreading with one of the tools. I don't know if that's version specific.
     
  7. Queen6, May 26, 2019
    Last edited: May 26, 2019

    Queen6 macrumors 604

    Queen6

    Joined:
    Dec 11, 2008
    Location:
    Flying over the rainforest at dawn - Priceless
    #8
    For once I agree with @leman, as this is not an easy vulnerability to exploit and the cost in performance may be significant. Personally I've killed all updates until the dust settles and will deal with them manually, as the last thing I want is to go from 12 threads to 6 due to overreaction, especially if implemented in firmware...

    Q-6
     
  8. cube macrumors P6

    Joined:
    May 10, 2004
    #9
    Going from 12 to 6 hardware threads is a much smaller performance hit than going from 12 to 6 cores.
     
  9. Queen6 macrumors 604

    Queen6

    Joined:
    Dec 11, 2008
    Location:
    Flying over the rainforest at dawn - Priceless
    #10
    True, equally until I can gauge the impact it's staying as is. Also considering moving to AMD's platform with 8 cores and 16 threads, as sooner or later the updates will catch up one way or the other...

    Q-6
     
  10. treekram macrumors 68000

    Joined:
    Nov 9, 2015
    Location:
    Honolulu HI
    #11
    ZombieLoad is one of 3 recently disclosed vulnerabilities that Intel has classified as "Microarchitectural Data Sampling" (MDS) vulnerabilities. ZombieLoad is the most recognized simply because of its name. It appears that to mitigate these vulnerabilities, you need to patch both the microcode somewhere in the Intel chips (the CPU and support chips) and the OS. So it's not clear (to me, at least) which of the 3 vulnerabilities require mitigations in the microcode, the OS or both.

    The 2010 MBP does not have microcode mitigations. Right now, it's more likely that it will not get microcode mitigations. But you can never tell.
    https://support.apple.com/en-us/HT210107
    https://www.intel.com/content/dam/w...A00233-microcode-update-guidance_05132019.pdf

    Only Mojave has the OS mitigations to MDS.

    There are easier ways to hack a computer than MDS. With MDS, the attacker has to hope that it can glean useful data from the computer in essence by listening in on other conversations (which may only be partially understandable) that are going on. If I'm an attacker, that's a pretty stupid way to approach stealing data - why not just out and out steal data or listen to the network port and send it back?

    Apple has posted information on how to enable full mitigation (for those computers whose microcode has been updated). But I think the article has problems with it. One poster in the MacBook Pro forum reports that their 2018 i9 computer (2 of them) shuts down in the middle of the night (sleeping or not was not mentioned) after they followed these instructions. So one has to weigh cost and benefits.
     
  11. cube macrumors P6

    Joined:
    May 10, 2004
    #12
     
  12. Queen6 macrumors 604

    Queen6

    Joined:
    Dec 11, 2008
    Location:
    Flying over the rainforest at dawn - Priceless
    #13
    Waiting to see how the OEMs react, equally not planning on disabling Hyperthreading, although will likely look at bolstering other security measures.

    Q-6
     
  13. Fmello thread starter macrumors member

    Fmello

    Joined:
    Apr 19, 2016
    Location:
    Wisconsin
    #14
    I'm confused. Just noticed a new story on macrumors.com called:

    New 'ZombieLoad' Vulnerability Affects Intel Chips Dating Back to 2011

    My 17" MacBook Pro is mid 2010, so it should be safe, right?
     
  14. treekram, May 30, 2019
    Last edited: May 30, 2019

    treekram macrumors 68000

    Joined:
    Nov 9, 2015
    Location:
    Honolulu HI
    #15
    Intel has a list of its CPUs which are affected and I provided the link in my post #11:
    https://www.intel.com/content/dam/w...A00233-microcode-update-guidance_05132019.pdf

    The CPUs in all 3 models of 17" 2010 MBPs (i5-540M, i7-620M, i7-640M) are listed by Intel as affected with no planned microcode updates. As such, Apple is not updating Sierra or High Sierra to include the OS mitigations that Intel has sent out to Microsoft, Apple, the Linux folks, etc.

    But please read what I had in my post #11:
    "There are easier ways to hack a computer than MDS. With MDS, the attacker has to hope that it can glean useful data from the computer in essence by listening in on other conversations (which may only be partially understandable) that are going on. If I'm an attacker, that's a pretty stupid way to approach stealing data - why not just out and out steal data or listen to the network port and send it back?"

    Because of the way this attack is carried out, you need to worry more about where your personal data travels on the web. If your personal data is on a shared computer (using affected Intel CPUs), even though it is held by a trusted source, there may be some other entity which is sharing the computer which knowingly or not "listens" in on other processing going on because hyperthreading is enabled on the computer and because mitigations haven't been carried out. Large companies like Amazon, etc. have their own data centers and it's unlikely they share computers with customer data with other companies. Also, they are a large service provider so they provide hosting services for many organizations and individuals (I use them) and they almost certainly have carried out mitigations both on their internal and their hosting computers. But what about smaller hosting companies and the companies which use them? Do you know if they are as careful? Do you even know everywhere your personal data travels? I certainly don't. This, by far, is a greater risk to you than MDS (ZombieLoad, etc.) on your 2010 MBP. (Please note that no known instance of this type of attack has occurred, either on personal computers or data centers.)
     
