Why Is It Dangerous?
Put simply, ZombieLoad allows a hacker to access any data that could be in the memory of your computer, from any running app. Think of it as a way to break down the walls that normally exist between apps using the system’s main processor, so a malicious app running on your Mac could read anything that any other app is doing or storing in memory, including extremely sensitive data like passwords and cryptographic keys.
Researchers showed a proof-of-concept video that demonstrates how the flaw can be exploited to provide real-time tracking of which websites the user is visiting, which isn’t a far stretch from pulling in passwords and security tokens that could be used to access online email and banking accounts.
To be clear, this exploit still requires an app to be running on your actual computer — it’s not exactly a “drive-by” vulnerability that would allow somebody to remotely take control of your machine, but it does provide a lot more for malware to work with, potentially allowing a malicious app to bypass all of the normal security features on your Mac. It’s also very important to understand that this can be exploited by JavaScript, so it could be triggered as a result of visiting a website in your browser that might happen to have malicious code — it doesn’t have to come from an app that you specifically choose to install on your Mac.