Apple lists older Macs that could be left open to attacks similar to ZombieLoad

Image credit: Natascha Eibl/Shutterstock (Image credit: Natascha Eibl/Shutterstock)

Older Macs could be vulnerable to attacks crafted along the same lines as ZombieLoad – the most recent worrying major vulnerability in Intel’s processors – thanks to a lack of updates from Intel for the CPUs of the relevant machines.

This is an interesting one, because Apple initially listed a number of ‘unsupported Mac models’ from 2009 and 2010 – laptops and desktop PCs alike – stating that those machines can receive security updates in macOS Mojave, High Sierra or Sierra, but wouldn’t be able to support ZombieLoad mitigations “due to a lack of microcode updates [for the processors] from Intel”.

Apple Insider reached out to Apple to clarify exactly what was meant by this, and the Mac maker confirmed that these Macs will remain vulnerable to attack vectors similar to ZombieLoad because of the lack of microcode updates from Intel, but potential attackers won’t be able to leverage ZombieLoad itself against these machines.

In other words, owners of these older Macs are safe from ZombieLoad – which doesn’t affect Intel processors made before 2011 – but not from potential future spins on similar speculative execution vulnerabilities. Not until Intel steps up to the plate and provides those relevant updates.

The full list of these older Macs (which are still supported by Apple as ‘vintage’ machines, or are capable of running Mojave, the latest version of macOS) is as follows:

  • MacBook (13-inch, Late 2009)
  • MacBook (13-inch, Mid 2010)
  • MacBook Air (13-inch, Late 2010)
  • MacBook Air (11-inch, Late 2010)
  • MacBook Pro (17-inch, Mid 2010)
  • MacBook Pro (15-inch, Mid 2010)
  • MacBook Pro (13-inch, Mid 2010)
  • iMac (21.5-inch, Late 2009)
  • iMac (27-inch, Late 2009)
  • iMac (21.5-inch, Mid 2010)
  • iMac (27-inch, Mid 2010)
  • Mac mini (Mid 2010)
  • Mac Pro (Late 2010)

Related story: Time you got yourself a Mac VPN?

Full mitigation – at a cost

Apple has also previously confirmed there are no known instances of ZombieLoad actually being exploited against Mac users, and that those who are worried about the prospect – perhaps with computers holding particularly sensitive data, or those running untrusted apps – can enable ‘full mitigation’ on their machine.

This isn’t really recommended, though, because it involves disabling hyper- threading on top of the ZombieLoad security fixes. And that could entail a performance hit of up to 40%, Apple observes, with the greater impacts to be felt on machines with beefy multi-core processors running demanding computing tasks that use all those cores.

Most Macs won’t have their performance levels almost cut in half, of course, as this is a worst-case scenario – but 40% is certainly a suitably alarming figure to see at first glance.

This latest security hole with Intel’s chips – and the potential performance impact of fixes – may well be another reason that bolsters Apple’s rumored determination to switch away from Intel processors. Particularly given that Intel’s recent manufacturing woes and CPU stock shortages are apparently to blame for the recent slump in Mac sales, according to Apple.

While Apple has certainly suffered from its own security problems in the past, they pale in comparison to Intel’s recent history of glaring bugs in its silicon, and by making its own ARM processors, Apple would at least be the master of its own destiny when it comes to avoiding CPU vulnerabilities (and much more besides).

Finally, don’t forget we’ve got a full guide on how to protect your devices against the ZombieLoad attack.

TOPICS

Darren is a freelancer writing news and features for TechRadar (and occasionally T3) across a broad range of computing topics including CPUs, GPUs, various other hardware, VPNs, antivirus and more. He has written about tech for the best part of three decades, and writes books in his spare time (his debut novel - 'I Know What You Did Last Supper' - was published by Hachette UK in 2013).

Latest in CPU
An AMD Ryzen 9 9950X3D on its retail packaging
I've reviewed three generations of 3D V-cache processors, and the AMD Ryzen 9 9950X3D is the best there is
AMD Ryzen 9000 3D chips
AMD officially announces price and release date for Ryzen 9 9900X3D and 9950X3D processors
A chip wafer manufactured at Intel Foundry
Can 18A save Intel from being devoured by its rivals – and Wall Street?
A stock photo of a man saying 'no thank you' to a gift box bearing the AMD Ryzen logo.
I'm tired of waiting for AMD's entry-level Ryzen 9000 series chips
Water cooling acrylic tube system with Barrow cpu block
What is a normal temperature for a CPU?
Render of AMD Ryzen chip
AMD’s powerful Ryzen 9 9950X3D and 9900X3D CPUs rumored to arrive on March 12 – but gamers will still be better off with the 9800X3D
Latest in News
Google Gemini Robotics
Gemini just got physical and you should prepare for a robot revolution
Lilo & Stitch Official Trailer
Stitch crashes into earth and steals our hearts with the first trailer for the live-action Lilo & Stitch
GTA 5
GTA Online publisher Take-Two is gunning for a black market that’s basically heaven for cheaters
Y2K cast looking shocked
Y2K has a streaming release date on Max, so you can witness the technology uprising at home
The Discovery+ homepage
Discovery+ just got a big update to its streaming app that makes it more like Max – here are 5 great new features to try
Two Android phones on a green and blue background showing Google Messages
Struggling with slow Google Messages photo transfers? Google says new update will make 'noticeable difference'