If you’ve been paying attention to the tech news lately, you may have heard about the newly discovered “ZombieLoad” attack, which has a terrifying name and the possible ramifications sound dire. But no need to worry right now about it as long as you are keeping your software reasonably up-to-date.
Security problems like this are one of the reasons I recommend installing bug fix updates pretty much right away, and not using devices that are no longer being patched.
So what is ZombieLoad?
Security researchers have found that there is a way for one program running on your computer to spy on another program on the same computer, possibly capturing data such as passwords, keystrokes, and security certificates.
What devices are affected?
ZombieLoad affects all Intel computer processors since 2011, except mobile ARM processors such as those used in iPhones and iPads. Intel processors prior to 2011 may be affected, but security researchers have not tested them. This is not a Mac vulnerability; it also affects Windows, Linux, and most servers. So for my readers, this is mostly just relevant to their Mac desktop and notebook computers. The good news is that this is a vulnerability that was discovered by security researchers, and as far as they know this has not been exploited in the wild. For the moment this is all theoretical. So you don’t need to panic, you just need to update your software soon.
What can you do to secure myself ?
For your own Mac just make sure you are running the latest software patches. The macOS 10.14.5 update that was released a couple of weeks ago has the fix. Patches were also released for macOS 10.12 Sierra and 10.14 High Sierra. Software older than that will need to be upgraded to a newer version if possible. If your computer isn’t receiving security patches anymore (2010 and earlier models) I strongly suggest these computers be retired. Apple will take these older computers and recycle them into new computers.
The bigger concern might be any hosted services, also known as cloud services. This exploit could theoretically be used by one user to read data from another user. For example, if you have an email account on a server that a stranger has access to, they could conceivably read your email or your passwords. The major services like Google and Apple are likely to have their server software patched already. But smaller companies that don’t have many users might not be as prompt. If you have any concerns about it I advise you to reach out to their technical support and ask them if the software they are running is vulnerable to ZombieLoad and when they plan on having their software patched.
What about disabling hyperthreading?
The patches that Apple has released only affect performance slightly. Though they are not complete fixes; they just make it much more difficult to compromise. If you run a public facing server or a system that is much more vulnerable, Apple recommends you entirely disable hyperthreading, though that can slow the computer down by as much as 40%.