Apple fixes ZombieLoad, the new crack of Intel processors in all Mac

Almost all computers equipped with an Intel processor since 2011 are affected by the new security flaw ZombieLoad. This vulnerability, which has in fact four bugs, echoes the vulnerabilities Spectrum and Meltdown , which had also affected many of the chips produced by the foundry. This time, however, only the Intel cpus are affected, then that Spectrum was also AMD and Arm.

ZombieLoad is an attack by auxiliary channel , exploiting the techniques ofexecution of the speculative. These aim to speed up the processors, who attempt to guess the action to perform after a command, speculating on the nature of this action.

In fact, ZombieLoad approximates the Spectrum, as it is to force the processor to execute a command that he would not do usually, and then recover the information that should not be available.

This vulnerability allows an malandrino to recover the history of web browsing from the victim, but it can go even far away, for example, siphoning passwords and tokens to access to the web services of the user. This vulnerability, of which the reference is CVE-2018-12130, not only affects Intel-based computers, but also the virtual machines on servers.

The researchers propose on the website specially created for the occasion the code of the proof of concept as well as a PDF explaining the menu and what it returns. Intel warned a month ago, has clogged the fault on the processors, the vulnerable, namely those ranges, Xeon, Atom and Knights, as well as the chips Broadwell, Sandy Bridge, and Skylake, Haswell, Kaby Lake, Coffee Lake, Whiskey Lake, and Cascade Lake. Apple, Microsoft, Google and Mozilla have (or will) propose corrective action.

Like Spectrum and Meltdown, the fixes are likely to have a negative impact on processor performance : a degradation of up to 3% on computers that are public, up to 9% on the servers. Given that neither Intel, nor the researchers have not published the source code to exploit the flaw, the average user has normally nothing to worry about. Any attack based on ZombieLoad has not been reported.

The patch already shipped by Apple

macOS 10.14.5, the final version is available since yesterday, contains precisely a patch against ZombieLand. Apple also provides this patch via the security updates 2019-003 for Sierra and High Sierra. The flaw does not affect the iOS devices or the Apple Watch.

The fix for Safari, which is now protected for the exploitation of ZombieLoad via JavaScript or browsing a malicious site. Apple notes the lack of impact on the performance of the browser, and advised to download applications only from the Mac App Store, in order to avoid the installation of a software that could be exploited by ZombieLoad.

To the knowledge of Apple, the flaw has not been used by brigands. Mac users in environments that are high risk or who use software not certified by Apple and / or the system have the ability to enable a complete reduction of risk by playing in the Terminal (all the info are available on the technical note).

This operation can however be performed on a Mac in Mojave, High Sierra or Sierra, which will have been installed macOS 10.14.5 or security updates 2019-003. He must know that the performance of the Mac on which this measure of complete reduction of risk has been applied are likely to be reduced by up to 40%… the most important impact will feel about the tasks exploiting intensively the cpu.

Finally, if the fix is delivered by Apple on the Mojave, High Sierra and Sierra can apply on the Mac the older (MacBook, MacBook Air, MacBook Pro, iMac, Mac mini and Mac Pro released between 2009 and 2010), Intel does not provide firmware updates : the processors of these computers are not affected by ZombieLoad.