
Fmello

macrumors member
Original poster
Apr 19, 2016
39
80
Wisconsin
I have an old 17" Macbook Pro (mid 2010), is it vulnerable to Intel ZombieLoad and other hyper-threading exploits?
 

Fmello

macrumors member
Original poster
Apr 19, 2016
39
80
Wisconsin
Anything I can do to protect myself from that vulnerability? I think Apple End-of-Lifed that model a couple years ago.
 

duervo

macrumors 68020
Feb 5, 2011
2,461
1,226
Anything I can do to protect myself from that vulnerability? I think Apple End-of-Lifed that model a couple years ago.

Couple ideas:

1. Get Mojave running on it, and then wait for Apple to patch it (the vulnerability) via software.

http://dosdude1.com/mojave/

2. Switch to a Linux distribution that will have a kernel included that contains the relevant software patch.

Option 1 is almost like hackintoshing to me. In fact, it's too much like it for my taste so I'd avoid that and probably just run Linux on it from now on, but that's me. You might be ok with it.
 

leman

macrumors Core
Oct 14, 2008
19,041
18,639
Anything I can do to protect myself from that vulnerability? I think Apple End-of-Lifed that model a couple years ago.

Yeah, don't worry about it. That attack is very difficult to pull off in reality. Too many stars need to align and the attacker needs to know exactly what they are attacking.
 

maflynn

macrumors Haswell
May 3, 2009
73,307
43,129
Anything I can do to protect myself from that vulnerability? I think Apple End-of-Lifed that model a couple years ago.
The only way to protect yourself AFAIK, is to disable hyperthreading. I believe you can do that using the Xcode tools. I did a bit of googling and it seems you can disable hyperthreading with one of the tools. I don't know if that's version specific.
 

Queen6

macrumors G4
The only way to protect yourself AFAIK, is to disable hyperthreading. I believe you can do that using the Xcode tools. I did a bit of googling and it seems you can disable hyperthreading with one of the tools. I don't know if that's version specific.

For once I agree with @leman as this is not an easy vulnerability to exploit and the cost in performance may be significant. Personally I've killed all updates until the dust settles and will deal with them manually, as the last thing I want is to go from 12 threads to 6 due to overreaction, especially if implemented in firmware...

Q-6
 

cube

Suspended
May 10, 2004
17,011
4,972
For once I agree with @leman as this is not an easy vulnerability to exploit and the cost in performance may be significant. Personally I've killed all updates until the dust settles as the last thing I want is to go from 12 threads to 6 due to overreaction, especially if implemented in firmware...

Q-6
Going from 12 to 6 hardware threads is a much smaller performance hit than going from 12 to 6 cores.
 

treekram

macrumors 68000
Nov 9, 2015
1,849
411
Honolulu HI
ZombieLoad is one of 3 recently disclosed vulnerabilities that Intel has classified as "Microarchitectural Data Sampling" (MDS) vulnerabilities. ZombieLoad is the most recognized simply because of its name. It appears that to mitigate these vulnerabilities, you need to patch both the microcode somewhere in the Intel chips (the CPU and support chips) and the OS. So it's not clear (to me, at least) which of the 3 vulnerabilities require mitigations in the microcode, the OS or both.

The 2010 MBP does not have microcode mitigations. Right now, it's more likely that it will not get microcode mitigations. But you can never tell.
https://support.apple.com/en-us/HT210107
https://www.intel.com/content/dam/w...A00233-microcode-update-guidance_05132019.pdf

Only Mojave has the OS mitigations to MDS.

There are easier ways to hack a computer than MDS. With MDS, the attacker has to hope that it can glean useful data from the computer in essence by listening in on other conversations (which may only be partially understandable) that are going on. If I'm an attacker, that's a pretty stupid way to approach stealing data - why not just out and out steal data or listen to the network port and send it back?

Apple has posted information on how to enable full mitigation (for those computers whose microcode has been updated). But I think the article has problems with it. One poster in the MacBook Pro forum reports that their 2018 i9 computer (2 of them) shuts down in the middle of the night (sleeping or not was not mentioned) after they followed these instructions. So one has to weigh cost and benefits.
 

cube

Suspended
May 10, 2004
17,011
4,972
True, equally until I can gauge the impact it's staying as is. Also considering moving to AMD's platform with 8 cores and 16 threads, as sooner or later the updates will catch up one way or the other...

Q-6
 

Fmello

macrumors member
Original poster
Apr 19, 2016
39
80
Wisconsin
I'm confused. Just noticed a new story on macrumors.com called:

New 'ZombieLoad' Vulnerability Affects Intel Chips Dating Back to 2011

My 17" Macbook Pro is mid 2010, so it should be safe, right?
 

treekram

macrumors 68000
Nov 9, 2015
1,849
411
Honolulu HI
I'm confused. Just noticed a new story on macrumors.com called:

New 'ZombieLoad' Vulnerability Affects Intel Chips Dating Back to 2011

My 17" Macbook Pro is mid 2010, so it should be safe, right?

Intel has a list of its CPUs which are affected and I provided the link in my post #11:
https://www.intel.com/content/dam/w...A00233-microcode-update-guidance_05132019.pdf

The CPUs in all 3 models of 17" 2010 MBPs (i5-540M, i7-620M, i7-640M) are listed by Intel as affected with no planned microcode updates. As such, Apple is not updating Sierra or High Sierra to include the OS mitigations that Intel has sent out to Microsoft, Apple, the Linux folks, etc.

But please read what I had in my post #11:
"There are easier ways to hack a computer than MDS. With MDS, the attacker has to hope that it can glean useful data from the computer in essence by listening in on other conversations (which may only be partially understandable) that are going on. If I'm an attacker, that's a pretty stupid way to approach stealing data - why not just out and out steal data or listen to the network port and send it back?"

Because of the way this attack is carried out, you need to worry more about where your personal data travels on the web. If your personal data is on a shared computer (using affected Intel CPUs), even though it is held by a trusted source, there may be some other entity which is sharing the computer which knowingly or not "listens" in on other processing going on because hyperthreading is enabled on the computer and because mitigations haven't been carried out. Large companies like Amazon, etc. have their own data centers and it's unlikely they share computers with customer data with other companies. Also, they are a large service provider so they provide hosting services for many organizations and individuals (I use them) and they almost certainly have carried out mitigations both on their internal and their hosting computers. But what about smaller hosting companies and the companies which use them? Do you know if they are as careful? Do you even know everywhere your personal data travels? I certainly don't. This, by far, is a greater risk to you than MDS (ZombieLoad, etc.) on your 2010 MBP. (Please note that no known instance of this type of attack has occurred, either on personal computers or data centers.)
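
Added example, not part of any post in this thread: for the Linux route suggested earlier, a patched kernel reports its MDS state in sysfs, and this sketch separates the three things the thread discusses (OS mitigation, missing microcode, hyperthreading exposure). The function names and return labels are this example's own; the sample lines are constructed from the status strings in the kernel's MDS documentation.

```python
"""Interpret the MDS line a patched Linux kernel exposes in sysfs (added example)."""
from pathlib import Path

# Standard sysfs location on kernels that carry the MDS patches.
MDS_SYSFS = Path("/sys/devices/system/cpu/vulnerabilities/mds")

# Constructed sample lines using the status strings from the kernel's MDS documentation.
SAMPLES = [
    "Not affected",
    "Vulnerable",
    "Vulnerable: Clear CPU buffers attempted, no microcode; SMT vulnerable",
    "Mitigation: Clear CPU buffers; SMT vulnerable",
    "Mitigation: Clear CPU buffers; SMT disabled",
]

def parse_mds(line):
    """Return (buffer_clearing, smt_exposed) for one sysfs status line."""
    state, _, smt = (part.strip() for part in line.strip().partition(";"))
    if state == "Not affected":
        return ("not-needed", False)
    if state.startswith("Mitigation:"):
        clearing = "full"            # kernel patch plus updated microcode
    elif "no microcode" in state:
        clearing = "best-effort"     # kernel patched, microcode never updated
    else:
        clearing = "none"            # mitigation not enabled
    # Sibling hyper-threads stay exposed unless SMT is off or reported mitigated.
    if smt in ("SMT disabled", "SMT mitigated"):
        exposed = False
    elif smt == "SMT vulnerable":
        exposed = True
    else:
        exposed = None               # e.g. "SMT Host state unknown" inside a guest
    return (clearing, exposed)

def read_live():
    """Parse this machine's status, or None where the file is absent (macOS, old kernels)."""
    if not MDS_SYSFS.is_file():
        return None
    return parse_mds(MDS_SYSFS.read_text())

if __name__ == "__main__":
    for sample in SAMPLES:
        print(f"{sample!r:75} -> {parse_mds(sample)}")
    print("this host:", read_live())
```

A CPU with no microcode update, as described above for the 2010 models, would be expected to show the "no microcode" line; on such kernels hyperthreading state is controlled through `/sys/devices/system/cpu/smt/control`.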
 