Got a tip for us?
Let us know
Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.
New 'ZombieLoad' Vulnerability Affects Intel Chips Dating Back to 2011, Apple Released Patch in macOS 10.14.5 [Updated]
- Thread starter MacRumors
- Start date
- Sort by reaction score
Even apple says complete mitigation requires disabling multithreading. Not exactly a “fix.”
I have a 6 core cpu and disabled hyperthreading a while back. My use case doesn't necessarily take advantage of hyperthreading.
Yes, there's a crisis. Update to the version of macOS that will force Notarization on you! Coincidence or inside bug discovery they were waiting on to inform Intel of AFTER they had a reason to force people to update to a version of the OS that can control everything you do....
Apple didn’t discover the bug. What are you talking about?
Full mitigation wipes out a decade of Intel performance gains.
Last edited:
Seems like you are missing the point by a wide margin. The ARM chips (includes Apple A-series): "but AMD and ARM chips are not affected". So Zombieland - ah no. You are seeming to make a false equivalency with the number, ease and severity of attacks. The fact that iOS and Mac are more secure, has been proven time and again, so it is not, as you say, "total BS", and not just as vulnerable. True, there have been bad players like Facebook caught doing bad stuff in the App Store, but there is a mechanism to remedy and remedy, Apple does, not perfectly, of course, but much much better than weaker systems with no controls and restrictions.
"Many years Ago", now there is an anecdote we can all get our heads around. Sorry for your loss, but certainly the process has changed substantially over the years, still not perfect, but you do understand the nature of hacking? It is to get around the restrictions and do malicious things. No human invented system will ever be impervious to bad actors doing stuff and finding ways around restrictions.
We find ourselves both wanting security and restrictions, and wanting totally free and uncontrolled access. We both demand control and security, then are mad when it exists.
Interesting. So I am sure several members are wondering "Notarization? Being forced on me? What's that all about?" The implication that Notarization "can control everything you do" is certainly a scary idea.
So, I looked up Notarization to find out what fresh evil was being forced upon me. Well, according to MacRumors own thread "as of macOS 10.14.5, all new software distributed with a new Developer ID must be notarized in order to run." Or, in other words, new software from new developers must be notarized by Apple for the OS to allow it to run, the idea being this will help identify authentic software NOT DOWNLOADED FROM THE MAC APP STORE from malware. In future versions of the OS all software not from the Mac App Store will have to have notarization from the developer which is supplied by Apple.
So how does this control everything you do? It doesn't. Is it a huge imposition on the Mac users? It's not. Is it terribly inconvenient for developers who don't distribute software through the Mac App Store? Well, it is an added step but not an overly onerous one; I don't think it will put anyone out of business. Will it make your computer more secure? Yes, probably, for awhile at least until this, too, is defeated.
But hey, just because you are paranoid and espouse wild conspiracy theories doesn't mean the government isn't watching everything you do. Keep the faith.
Last edited:
Not really. This, like Spectre and Meltdown, are Intel specific. You can get a modern CPU without these vulnerabilities. Not in a Mac, but you can get Windows and Linux computers running on ARM, and pretty much anything that isn't a laptop, desktop, or server is going to be using ARM.
So weird that Macs, once the only place you could escape from Intel to, are now the only place where you're forced to use Intel.
I love my Raspberry Pi.
No, this fix is only in 10.14.5. You can disable Hyperthreading where applicable in 10.12.6 or 10.13.6 after installing the most recent security update (with potentially a massive performance penalty) to mitigate the vulnerability in those operating systems.
You really don't see it, do you? How much open source software is out there? How much does it cost to get an Apple registered developer's status? What on Earth makes you think Apple won't identify everything they don't like from MakeMKV (which lets you dump Blu-Rays, a direct competitor to Apple's streaming service) to emulators (which they've denied in the past on the App Store) as being "Malware" or "other harmful software" ??? The FACT is they can set their software to deny ANYTHING they want. And since Apple has promised that future versions of the Macintosh operating system will REQUIRE Notarization for you to install and/or run the software with NO WAY AROUND IT that means they have the power to DENY you anything they damn well farking feel like.
I know you're a trusting type. TOO trusting, IMO. All I'm saying is that it's a bit late after a burglar has broken into your house stolen your stuff and perhaps even harmed your family to think about getting an alarm system or a gun.
SOME of us have seen this coming for about seven years now and Apple keeps inching its way there to making the Mac a CLOSED platform. Some of you even WANT this as you think it's safer (as if Mac users traditionally have had ANY issues with security compared to a Windows machine). People want to fight for their right to own a gun in the U.S., but when it comes to PRIVACY, they're ready to sell their very soul in the name of "free stuff" (Google), "security" (Apple's latest McGuffin) or anything else. We've become a society of sheep. Keep the "I told you so" ready in a year or two when the hammer finally drops once and for all.
macOS 10.14.4, and the check says I'm upto date,
Manage to get it to see the update after 5 mins, now 10.14.5
Apple go ARM all in, intel x86 and x64 have reached the limit, the CISC is proving to be a thorn in its side preventing it to make it into smartphones and other issues
RISC has been proven the right choice after all, and ARM invented by Acorn a UK company will go down in history inventing the CPU that runs the world, and others like Intel, MOS, Motorola, Zilog tried but in the end they can only be one ARRRRRMMMM
Manage to get it to see the update after 5 mins, now 10.14.5
Apple go ARM all in, intel x86 and x64 have reached the limit, the CISC is proving to be a thorn in its side preventing it to make it into smartphones and other issues
RISC has been proven the right choice after all, and ARM invented by Acorn a UK company will go down in history inventing the CPU that runs the world, and others like Intel, MOS, Motorola, Zilog tried but in the end they can only be one ARRRRRMMMM
Last edited:
http://swcdn.apple.com/content/down...j7tgzg4zzuvn3scnsztzq3dked/MobileDeviceSU.pkg
http://swcdn.apple.com/content/down...gsxdj09bat1u4t/Safari12.1.1HighSierraAuto.pkg
http://swcdn.apple.com/content/down...m808sfkhernhm6t03ocg/GatekeeperConfigData.pkg
http://swcdn.apple.com/content/down...d5832ivg90gh4xtns/XProtectPlistConfigData.pkg
I'm glad that you can optionally enable full mitigation. I'd rather run at maximum speed with issues, since these attacks don't really affect my home machines at all.
You really don't see it, do you? How much open source software is out there? How much does it cost to get an Apple registered developer's status? What on Earth makes you think Apple won't identify everything they don't like from MakeMKV (which lets you dump Blu-Rays, a direct competitor to Apple's streaming service) to emulators (which they've denied in the past on the App Store) as being "Malware" or "other harmful software" ??? The FACT is they can set their software to deny ANYTHING they want. And since Apple has promised that future versions of the Macintosh operating system will REQUIRE Notarization for you to install and/or run the software with NO WAY AROUND IT that means they have the power to DENY you anything they damn well farking feel like.
I know you're a trusting type. TOO trusting, IMO. All I'm saying is that it's a bit late after a burglar has broken into your house stolen your stuff and perhaps even harmed your family to think about getting an alarm system or a gun.
SOME of us have seen this coming for about seven years now and Apple keeps inching its way there to making the Mac a CLOSED platform. Some of you even WANT this as you think it's safer (as if Mac users traditionally have had ANY issues with security compared to a Windows machine). People want to fight for their right to own a gun in the U.S., but when it comes to PRIVACY, they're ready to sell their very soul in the name of "free stuff" (Google), "security" (Apple's latest McGuffin) or anything else. We've become a society of sheep. Keep the "I told you so" ready in a year or two when the hammer finally drops once and for all.
The hammer will fall when Apple shifts to ARM, possibly beginning this June at WWDC.
macOS 10.14.4, and the check says I'm upto date,
Manage to get it to see the update after 5 mins, now 10.14.5
Apple go ARM all in, intel x86 and x64 have reached the limit, the CISC is proving to be a thorn in its side preventing it to make it into smartphones and other issues
RISC has been proven the right choice after all, and ARM invented by Acorn a UK company will go down in history inventing the CPU that runs the world, and others like Intel, MOS, Motorola, Zilog tried but in the end they can only be one ARRRRRMMMM
This not a RISC vs CISC issue and oversimplifies the current state of CPU design which is a blend of both approaches.
Apple’s ARM CPUs (RISC) and Intel’s x86-64 CPUs (CISC) are vulnerable to Meltdown and Spectre because they use branch prediction.
AMD said it might be vulnerable to one variant of Meltdown; but there has been no demonstrated vulnerability, so for all intents and purposes AMD’s CPUs (CISC) may be considered to not be vulnerable. Similarly, some non-Apple ARM CPUs (RISC; e.g., Cortex-A53 from which Apple derived some of its ARM CPUs) do not use branch prediction and so are not vulnerable.
For more specific information, see this informative article from Network World.
While its concerning that any individual Mac or PC may be vulnerable because of this, the real issue - the seemingly insurmountable issue with enormous security consequences that no individual has any control over - is 'The Cloud'.
If you use any kind of online backup or file sharing service, if your data is anywhere on Google or Dropbox or a million other services, probably even Apple's iCloud, then it's likely vulnerable. I imagine only the most skilled and resourceful hackers can take advantage of this - state actors primarily - but that's not a trivial exception. Does anybody think China or North Korea or Russia does not have reams of highly skilled people who will do everything in their power to steal data via these security holes?
Basically, everything in the cloud is insecure. At this point, I assume anything I have backed up on Backblaze for example, is or probably will end up in the hands of state sanctioned hackers. It's a nightmare.
If you use any kind of online backup or file sharing service, if your data is anywhere on Google or Dropbox or a million other services, probably even Apple's iCloud, then it's likely vulnerable. I imagine only the most skilled and resourceful hackers can take advantage of this - state actors primarily - but that's not a trivial exception. Does anybody think China or North Korea or Russia does not have reams of highly skilled people who will do everything in their power to steal data via these security holes?
Basically, everything in the cloud is insecure. At this point, I assume anything I have backed up on Backblaze for example, is or probably will end up in the hands of state sanctioned hackers. It's a nightmare.