First, it was Meltdown and Spectre. Now, it’s ZombieLoad. Suffice to say, there are a lot of scary-sounding vulnerabilities that bad actors would leverage to attack our Macs. Luckily, Apple is already on top of it. Even before news broke about ZombieLoad, Apple issued a handful of software updates that mitigate the vulnerability. (Which, by the way, you should download as soon as possible.)
On the other hand, there are a number of Mac devices that Apple wasn’t able to patch. Basically, any Mac device made before 2011.
That’s due to the fact that Intel hasn’t released the necessary “microcode updates” on its end.
To be clear, ZombieLoad won’t be able to target these 2010-and-earlier Mac models because of its particular attack vector. But Apple makes it clear that these Macs could still be prone to vulnerabilities similar to ZombieLoad.
ZombieLoad, as well as Spectre and Meltdown, all take advantage of a flaw in the architecture of Intel’s processing hardware. It’s not a software flaw, so it isn’t as easily patched by an operating system maker.
If leveraged by a bad actor, these flaws could allow them to access sensitive data on your computer — from passwords to financial information.
So while pre-2011 Mac devices are safe from ZombieLoad, they could still be impacted by future speculative execution vulnerabilities. And without Intel’s necessary microcode updates, Apple will be unable to patch those vulnerabilities if or when they do surface.
In other words, if and when the next ZombieLoad-, Spectre- or Meltdown-like vulnerability is discovered, Apple may not be able to do anything about it.
List of Mac Computers Apple Isn’t Able to Patch
- MacBook (13-inch, Late 2009)
- MacBook (13-inch, Mid 2010)
- MacBook Air (13-inch, Late 2010)
- MacBook Air (11-inch, Late 2010)
- MacBook Pro (17-inch, Mid 2010)
- MacBook Pro (15-inch, Mid 2010)
- MacBook Pro (13-inch, Mid 2010)
- iMac (21.5-inch, Late 2009)
- iMac (27-inch, Late 2009)
- iMac (21.5-inch, Mid 2010)
- iMac (27-inch, Mid 2010)
- Mac mini (Mid 2010)
- Mac Pro (Late 2010)
Even though Intel is lagging on the microcode updates, there’s always the chance that the chipmaker could deploy those updates before the next major vulnerability is discovered.
And before you get too worried about speculative execution vulnerabilities, do know that there is an option that essentially eliminates the risk of them. Apple calls this option full mitigation. But since speculative execution vulnerabilities take advantage of a core piece of a computer’s architecture, applying the full mitigation tactic could reduce system performance by as much as 40 percent.
The risk of malicious apps taking advantage of computer architecture could also be reduced by practicing general security habits. For starters, you should only download apps from the Mac App Store or third-party developer websites that you absolutely trust.