
New 'ZombieLoad' Vulnerability Affects Intel Chips Dating Back to 2011, Apple Released Patch in macOS 10.14.5 [Updated]

Val-kyrie

macrumors 68020
Feb 13, 2005
2,056
1,350
I'm glad that you can optionally enable full mitigation. I'd rather run at maximum speed with issues, since these attacks don't really affect my home machines at all.

Don’t bother turning off HT. There is no “full mitigation” as claimed by Apple.

According to WCCFTECH, “Intel is not recommending that Intel® HT be disabled, and it’s important to understand that doing so does not alone provide protection against MDS.”
 
Comment

cmaier

macrumors Core
Jul 25, 2007
19,717
20,639
California
Don’t bother turning off HT. There is no “full mitigation” as claimed by Apple.

According to WCCFTECH, “Intel is not recommending that Intel® HT be disabled, and it’s important to understand that doing so does not alone provide protection against MDS.”

I’m not reading this as a discrepancy. Disabling the HT is not, itself, a full mitigation, but it helps on top of the firmware mitigations.
 
Comment

Val-kyrie

macrumors 68020
Feb 13, 2005
2,056
1,350
I’m not reading this as a discrepancy. Disabling the HT is not, itself, a full mitigation, but it helps on top of the firmware mitigations.

Maybe you are correct....

I wondered the same thing when I read the word “alone” but WCCFTECH concludes the article with the statement: “So as it stands right now, if you are in the security conscious camp, you have two choices. You can either upgrade to an Intel 8th Generation or higher processor or you can turn off hyper threading. Unfortunately however, since turning off hyper threading will not protect you against the rest of the speculative execution related threads, there is no real point in doing so and earning the performance cost.”

Perhaps WCCFTECH are misreading Intel and I followed them in doing so. Here is the full response by Intel as posted by WCCFTECH:

Microarchitectural Data Sampling (MDS) is already addressed at the hardware level in many of our recent 8th and 9th Generation Intel® Core™ processors, as well as the 2nd Generation Intel® Xeon® Scalable Processor Family. For other affected products, mitigation is available through microcode updates, coupled with corresponding updates to operating system and hypervisor software that are available starting today.

When these mitigations are enabled, minimal performance impacts are expected for the majority of PC client application based benchmarks. Performance or resource utilization on some data center workloads may be affected and may vary accordingly.

Once these updates are applied, it may be appropriate for some customers to consider additional steps. This includes customers who cannot guarantee that trusted software is running on their system(s) and are using Simultaneous Multi-Threading (SMT). In these cases, customers should consider how they utilize SMT for their particular workload(s), guidance from their OS and VMM software providers, and the security threat model for their particular environment. Because these factors will vary considerably by customer, Intel is not recommending that Intel® HT be disabled, and it’s important to understand that doing so does not alone provide protection against MDS.

We’ve provided more information on our website and continue to encourage everyone to keep their systems up to date, as it’s one of the best ways to stay protected....
 
Comment
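The distinction in the Intel statement quoted above (buffer-clearing microcode/OS mitigation on one axis, SMT state on another) is visible in how the Linux kernel reports MDS status. The following is an added example, not code from the thread, Intel, or Apple; it assumes a Linux host and the kernel's documented status strings, and the sample lines are constructed.

```shell
#!/bin/sh
# Added example: classify the Linux kernel's MDS status line.
# Live input: /sys/devices/system/cpu/vulnerabilities/mds (Linux only, assumption).
# Labels printed by mds_posture are this example's own, not kernel terms:
#   not-affected | unmitigated | partial-smt-exposed | full | unknown

mds_posture() {
    # Axis 1: is CPU buffer clearing (microcode + OS) active?
    case $1 in
        "Not affected")                   echo not-affected; return 0 ;;
        "Mitigation: Clear CPU buffers"*) _buffers=yes ;;
        "Vulnerable"*)                    _buffers=no ;;
        *)                                echo unknown; return 0 ;;
    esac
    # Axis 2: can a sibling hyper-thread still observe the buffers?
    # "SMT vulnerable" and "SMT Host state unknown" are treated as exposed.
    case $1 in
        *"SMT disabled"*|*"SMT mitigated"*) _smt=safe ;;
        *)                                  _smt=exposed ;;
    esac
    # SMT off without buffer clearing is still unmitigated:
    # disabling HT alone does not protect against MDS.
    if [ "$_buffers" = no ]; then
        echo unmitigated
    elif [ "$_smt" = safe ]; then
        echo full
    else
        echo partial-smt-exposed
    fi
}

# Constructed sample status lines (not captured from a real machine).
while IFS= read -r line; do
    printf '%-82s => %s\n' "$line" "$(mds_posture "$line")"
done <<'EOF'
Not affected
Vulnerable; SMT disabled
Vulnerable: Clear CPU buffers attempted, no microcode; SMT Host state unknown
Mitigation: Clear CPU buffers; SMT vulnerable
Mitigation: Clear CPU buffers; SMT disabled
EOF

# Report the local host when the sysfs file exists.
f=/sys/devices/system/cpu/vulnerabilities/mds
if [ -r "$f" ]; then
    echo "this host: $(mds_posture "$(cat "$f")")"
fi
```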

camelia

macrumors 6502
Apr 3, 2015
491
71
Mexico City
Am I safe running macOS 10.13.6 (17G7024)?

MBP 13" Mid 2012 Intel Core i5 2.5 GHz 16 GB Intel HD Graphics 4000 1536 MB

Thanks
Came
 
Comment

MagnusVonMagnum

macrumors 603
Jun 18, 2007
5,178
1,418
From this particular issue? Yeah. From countless other side-channel attacks that rely on speculative execution flaws? No.

Countless side attacks?! We're all doomed!!!! :eek:

Most of these flaws require someone to have access to your computer more or less directly. So unless you're in a habit of inviting strangers in to use your desktop computer, I wouldn't worry too much.

Oh that's right! People like to go to Starbucks with a MacBook Air and use public WiFi.... ah well. That's about the same difference as inviting them in to use your computer. :D
 
Comment

CE3

Contributor
Nov 26, 2014
1,624
2,713
For those curious about the performance dip:


I disabled it on both my Macs. I might enable again if I notice a decrease in performance, but so far that hasn’t happened.
 
Comment

cmaier

macrumors Core
Jul 25, 2007
19,717
20,639
California
Countless side attacks?! We're all doomed!!!! :eek:

Most of these flaws require someone to have access to your computer more or less directly. So unless you're in a habit of inviting strangers in to use your desktop computer, I wouldn't worry too much.

Oh that's right! People like to go to Starbucks with a MacBook Air and use public WiFi.... ah well. That's about the same difference as inviting them in to use your computer. :D

Actually, no, most of the prior side channel attacks do NOT require physical access to your machine, and can be triggered just by browsing a website with a malicious embedded ad.

I hope nobody is taking your advice about not worrying.
 
  • Like
Reactions: CE3
Comment

MagnusVonMagnum

macrumors 603
Jun 18, 2007
5,178
1,418
Actually, no, most of the prior side channel attacks do NOT require physical access to your machine, and can be triggered just by browsing a website with a malicious embedded ad.

I hope nobody is taking your advice about not worrying.

Hey, worry your whole life away for all I care.... Show me even one person actually affected by any of this horsecrap the past 10 years on a Mac and maybe I'll start to think, Gee, that sucks for them. :p


The idea of a 'malicious ad' is all the more reason to use ad blockers. Sadly, Google has decided for you that you should be FORCED to view ads in Chrome in the future as they are removing all ad blocker support this month. Time to go back to Firefox (I wouldn't touch Safari with a 100 foot pole, personally. Absolute garbage and requires entire OS updates to get the newest version most of the time).

The truly sad part in all of this is Microsoft is even providing XP with a system update to deal with a recent issue. Apple won't even cover a few OS versions ago despite many older computers still in use that cannot reasonably upgrade to the newest Mac versions. My 2008 MBP (which is just fine with a new SSD in it for doing day-to-day things and I rarely need a notebook so I see no point in blowing $1600+ for new one) is stuck on El Capitan until it's dead. With Metal being a requirement for even decent GUI performance in newer versions of the OS, serious finagling is needed to even get it to sort of run something newer.

But then there's my 2012 Mac Mini. It CAN update to the newest OS (not that there's any great new features to make me "want" to update from El Capitan as newer OS versions typically make older computers even SLOWER making me even less likely to 'want' to update), but because Apple decided that Macs can't have operating systems on their RAID 0 drives (odd since the Mac Mini Server used to ship that way from the factory), it can't be updated without a workaround either (either update an external volume and copy back with CCC or replace the drives with newer SSDs). Why did Apple screw RAID 0 support? No one knows. They hate high tech features. They hate users. They hate computers, even. They seem to want a closed zoo with only iOS devices. They haven't even updated their Mac Pro in YEARS while everyone else has moved ahead of them.... PATHETIC is the word I'd use.

It seems Apple hates their users and does everything in their power to make their lives miserable these days.... Where is the "Zombieload" patch for older macOS versions? Too flipping bad, eh? That's what I mean. How can any 'professional' take a company seriously that can't be bothered to support their machines more than one year at a time?
 
Comment

maverick28

macrumors 6502
Mar 14, 2014
474
260
As Jony Ive's parody account on Twitter would put it: "Yet another CPU arch level vulnerability? Why should you bother with that at all on your silly Mac - buy the new iPhone!"
 
Comment