Who’s Affected?
This flaw affects every Mac — MacBooks, iMacs, Mac minis, and even the Mac Pro — made since around the time in 2011 when Apple would have switched to the first generation of flawed CPUs.
The problem isn’t exclusive to Macs, either — it impacts almost anything built with any Intel CPU inside that was made in 2011 or later, whether it’s running Windows, Linux, macOS, or even an embedded specialized operating system. Note that cloud servers aren’t immune either.
Security researchers specifically tested a wide variety of CPUs and found almost all of them were vulnerable, with only three relatively uncommon exceptions: the Whiskey Lake, Coffee Lake-R, and Cascade Lake-SP microarchitectures appeared to be immune to the variants of ZombieLoad tested by researchers, but it’s much safer to assume that your Mac will be vulnerable to ZombieLoad. Apple never used Whiskey Lake and Cascade Lake architectures at all, and only two of the very most recent iMacs released a few weeks ago — the Core i9 and the Core i5 3.7GHz models — incorporate the Coffee Lake-R architecture; the others use Coffee Lake-S, which has been proven to be vulnerable to both variants of ZombieLoad.
Since this flaw only affects Intel CPUs, however, you don’t need to worry about your other Apple devices. Apple’s iPhone, iPad, iPod, Apple TV, and Apple Watch all use Appel’s own ARM-based chips, and the flaw exists only in the CPU; ancillary Intel chips like the modem chips found in some iPhone models are not affected.