Become a MacRumors Supporter for $25/year with no ads, private forums, and more!

New 'ZombieLoad' Vulnerability Affects Intel Chips Dating Back to 2011, Apple Released Patch in macOS 10.14.5 [Updated]

MagnusVonMagnum

macrumors 603
Jun 18, 2007
5,178
1,418
Yes, there's a crisis. Update to the version of macOS that will force Notarization on you! Coincidence or inside bug discovery they were waiting on to inform Intel of AFTER they had a reason to force people to update to a version of the OS that can control everything you do....
 
Comment

cmaier

macrumors Core
Jul 25, 2007
19,717
20,639
California
Yes, there's a crisis. Update to the version of macOS that will force Notarization on you! Coincidence or inside bug discovery they were waiting on to inform Intel of AFTER they had a reason to force people to update to a version of the OS that can control everything you do....
Apple didn’t discover the bug. What are you talking about?
 
  • Like
Reactions: nouveau_redneck
Comment

MauiPa

macrumors 65816
Apr 18, 2018
1,329
1,643
A-series chips are also prone to vulnerabilities, Mac OS is in a yearly increase of malware attacks too. No one is safe nowadays, it is not even about “being careful where you click” anymore, now companies specialize in exploiting every single vulnerability or hole to track, read data or manipulate.

I don’t think it is Apple’s, Intel’s or Window’s fault anymore, they actually do a good job of trying to be ahead.

And the believe that iOS is the most secure system is total BS, restrictive yes, but it is just as bit as vulnerable as any other. I hate that apps go through such lengthy “review” process that is just garbage, but there are many in the AppStore tracking us without consent and stealing our information without the geniuses at Apple stopping them.

Many years ago my app was rejected “because it made no use of iPhone’s features”... and it was approved just after I added a shaking feature, total stupidity, meanwhile apps go through the process with malicious intentions hidden and these guys don’t even know until news go viral and they “act swiftly to remove them”.

Seems like you are missing the point by a wide margin. The ARM chips (includes Apple A-series): "but AMD and ARM chips are not affected". So Zombieland - ah no. You are seeming to make a false equivalency with the number, ease and severity of attacks. The fact that iOS and Mac are more secure, has been proven time and again, so it is not, as you say, "total BS", and not just as vulnerable. True, there have been bad players like Facebook caught doing bad stuff in the App Store, but there is a mechanism to remedy and remedy, Apple does, not perfectly, of course, but much much better than weaker systems with no controls and restrictions.

"Many years Ago", now there is an anecdote we can all get our heads around. Sorry for your loss, but certainly the process has changed substantially over the years, still not perfect, but you do understand the nature of hacking? It is to get around the restrictions and do malicious things. No human invented system will ever be impervious to bad actors doing stuff and finding ways around restrictions.

We find ourselves both wanting security and restrictions, and wanting totally free and uncontrolled access. We both demand control and security, then are mad when it exists.
 
Comment

Duane Martin

macrumors 6502
Oct 15, 2004
400
888
Calgary, Alberta
Yes, there's a crisis. Update to the version of macOS that will force Notarization on you! Coincidence or inside bug discovery they were waiting on to inform Intel of AFTER they had a reason to force people to update to a version of the OS that can control everything you do....
Interesting. So I am sure several members are wondering "Notarization? Being forced on me? What's that all about?" The implication that Notarization "can control everything you do" is certainly a scary idea.

So, I looked up Notarization to find out what fresh evil was being forced upon me. Well, according to MacRumors own thread "as of macOS 10.14.5, all new software distributed with a new Developer ID must be notarized in order to run." Or, in other words, new software from new developers must be notarized by Apple for the OS to allow it to run, the idea being this will help identify authentic software NOT DOWNLOADED FROM THE MAC APP STORE from malware. In future versions of the OS all software not from the Mac App Store will have to have notarization from the developer which is supplied by Apple.

So how does this control everything you do? It doesn't. Is it a huge imposition on the Mac users? It's not. Is it terribly inconvenient for developers who don't distribute software through the Mac App Store? Well, it is an added step but not an overly onerous one; I don't think it will put anyone out of business. Will it make your computer more secure? Yes, probably, for awhile at least until this, too, is defeated.

But hey, just because you are paranoid and espouse wild conspiracy theories doesn't mean the government isn't watching everything you do. Keep the faith.
 
Last edited:
Comment

JetTester

macrumors 6502
Feb 12, 2014
461
885
Just another step toward perfection. Nothing to see here. Move along. Really! There will always be bugs. When they are found, fix them. Another will come along, fix it too. No panic necessary.
 
Comment

ArtOfWarfare

macrumors G3
Nov 26, 2007
8,927
4,788
A 2010 Mac Mini running El Capitan is looking pretty good right about now

Not really. This, like Spectre and Meltdown, are Intel specific. You can get a modern CPU without these vulnerabilities. Not in a Mac, but you can get Windows and Linux computers running on ARM, and pretty much anything that isn't a laptop, desktop, or server is going to be using ARM.

So weird that Macs, once the only place you could escape from Intel to, are now the only place where you're forced to use Intel.

I love my Raspberry Pi.
 
Comment

chrfr

macrumors G4
Jul 11, 2009
10,192
3,909
that explains the massive security update for 10.13.6
No, this fix is only in 10.14.5. You can disable Hyperthreading where applicable in 10.12.6 or 10.13.6 after installing the most recent security update (with potentially a massive performance penalty) to mitigate the vulnerability in those operating systems.
 
Comment

MagnusVonMagnum

macrumors 603
Jun 18, 2007
5,178
1,418
So how does this control everything you do? It doesn't. Is it a huge imposition on the Mac users? It's not. Is it terribly inconvenient for developers who don't distribute software through the Mac App Store? Well, it is an added step but not an overly onerous one; I don't think it will put anyone out of business. Will it make your computer more secure? Yes, probably, for awhile at least until this, too, is defeated.

But hey, just because you are paranoid and espouse wild conspiracy theories doesn't mean the government isn't watching everything you do. Keep the faith.

You really don't see it, do you? How much open source software is out there? How much does it cost to get an Apple registered developer's status? What on Earth makes you think Apple won't identify everything they don't like from MakeMKV (which lets you dump Blu-Rays, a direct competitor to Apple's streaming service) to emulators (which they've denied in the past on the App Store) as being "Malware" or "other harmful software" ??? The FACT is they can set their software to deny ANYTHING they want. And since Apple has promised that future versions of the Macintosh operating system will REQUIRE Notarization for you to install and/or run the software with NO WAY AROUND IT that means they have the power to DENY you anything they damn well farking feel like.

I know you're a trusting type. TOO trusting, IMO. All I'm saying is that it's a bit late after a burglar has broken into your house stolen your stuff and perhaps even harmed your family to think about getting an alarm system or a gun. :rolleyes:

SOME of us have seen this coming for about seven years now and Apple keeps inching its way there to making the Mac a CLOSED platform. Some of you even WANT this as you think it's safer (as if Mac users traditionally have had ANY issues with security compared to a Windows machine). People want to fight for their right to own a gun in the U.S., but when it comes to PRIVACY, they're ready to sell their very soul in the name of "free stuff" (Google), "security" (Apple's latest McGuffin) or anything else. We've become a society of sheep. Keep the "I told you so" ready in a year or two when the hammer finally drops once and for all.
 
  • Like
Reactions: maverick28 and w1z
Comment

iAssimilated

Contributor
Apr 29, 2018
533
1,184
the PNW
No, this fix is only in 10.14.5. You can disable Hyperthreading where applicable in 10.12.6 or 10.13.6 after installing the most recent security update (with potentially a massive performance penalty) to mitigate the vulnerability in those operating systems.

That does not appear to be the case:
Apple addressed the vulnerability in the macOS Mojave 10.14.5 update that was released yesterday and in security patches for older versions of macOS that were also released yesterday.

UPDATE: Nevermind, I am wrong. :confused:
 
Comment

insoft.uk

macrumors member
Mar 15, 2018
69
22
macOS 10.14.4, and the check says I'm upto date, :mad:

Manage to get it to see the update after 5 mins, now 10.14.5 ;)

Apple go ARM all in, intel x86 and x64 have reached the limit, the CISC is proving to be a thorn in its side preventing it to make it into smartphones and other issues

RISC has been proven the right choice after all, and ARM invented by Acorn a UK company will go down in history inventing the CPU that runs the world, and others like Intel, MOS, Motorola, Zilog tried but in the end they can only be one ARRRRRMMMM
 
Last edited:
Comment

camelia

macrumors 6502
Apr 3, 2015
491
71
Mexico City
@tywebb13

I am still in HS
Can I please have the direct links for
iTunes Device Support Update
Safari 12.1.1
And the latest
gatekeeper and xprotect

Thanks
Came
 
Comment

mannyvel

macrumors 6502a
Mar 16, 2019
636
1,041
Hillsboro, OR
I'm glad that you can optionally enable full mitigation. I'd rather run at maximum speed with issues, since these attacks don't really affect my home machines at all.
 
Comment

Val-kyrie

macrumors 68020
Feb 13, 2005
2,056
1,350
You really don't see it, do you? How much open source software is out there? How much does it cost to get an Apple registered developer's status? What on Earth makes you think Apple won't identify everything they don't like from MakeMKV (which lets you dump Blu-Rays, a direct competitor to Apple's streaming service) to emulators (which they've denied in the past on the App Store) as being "Malware" or "other harmful software" ??? The FACT is they can set their software to deny ANYTHING they want. And since Apple has promised that future versions of the Macintosh operating system will REQUIRE Notarization for you to install and/or run the software with NO WAY AROUND IT that means they have the power to DENY you anything they damn well farking feel like.

I know you're a trusting type. TOO trusting, IMO. All I'm saying is that it's a bit late after a burglar has broken into your house stolen your stuff and perhaps even harmed your family to think about getting an alarm system or a gun. :rolleyes:

SOME of us have seen this coming for about seven years now and Apple keeps inching its way there to making the Mac a CLOSED platform. Some of you even WANT this as you think it's safer (as if Mac users traditionally have had ANY issues with security compared to a Windows machine). People want to fight for their right to own a gun in the U.S., but when it comes to PRIVACY, they're ready to sell their very soul in the name of "free stuff" (Google), "security" (Apple's latest McGuffin) or anything else. We've become a society of sheep. Keep the "I told you so" ready in a year or two when the hammer finally drops once and for all.

The hammer will fall when Apple shifts to ARM, possibly beginning this June at WWDC.


macOS 10.14.4, and the check says I'm upto date, :mad:

Manage to get it to see the update after 5 mins, now 10.14.5 ;)

Apple go ARM all in, intel x86 and x64 have reached the limit, the CISC is proving to be a thorn in its side preventing it to make it into smartphones and other issues

RISC has been proven the right choice after all, and ARM invented by Acorn a UK company will go down in history inventing the CPU that runs the world, and others like Intel, MOS, Motorola, Zilog tried but in the end they can only be one ARRRRRMMMM

This not a RISC vs CISC issue and oversimplifies the current state of CPU design which is a blend of both approaches.

Apple’s ARM CPUs (RISC) and Intel’s x86-64 CPUs (CISC) are vulnerable to Meltdown and Spectre because they use branch prediction.

AMD said it might be vulnerable to one variant of Meltdown; but there has been no demonstrated vulnerability, so for all intents and purposes AMD’s CPUs (CISC) may be considered to not be vulnerable. Similarly, some non-Apple ARM CPUs (RISC; e.g., Cortex-A53 from which Apple derived some of its ARM CPUs) do not use branch prediction and so are not vulnerable.

For more specific information, see this informative article from Network World.
 
Comment

bry2k

macrumors newbie
Jun 22, 2007
27
1
While its concerning that any individual Mac or PC may be vulnerable because of this, the real issue - the seemingly insurmountable issue with enormous security consequences that no individual has any control over - is 'The Cloud'.

If you use any kind of online backup or file sharing service, if your data is anywhere on Google or Dropbox or a million other services, probably even Apple's iCloud, then it's likely vulnerable. I imagine only the most skilled and resourceful hackers can take advantage of this - state actors primarily - but that's not a trivial exception. Does anybody think China or North Korea or Russia does not have reams of highly skilled people who will do everything in their power to steal data via these security holes?

Basically, everything in the cloud is insecure. At this point, I assume anything I have backed up on Backblaze for example, is or probably will end up in the hands of state sanctioned hackers. It's a nightmare.
 
Comment
Register on MacRumors! This sidebar will go away, and you'll see fewer ads.