Apple lists Macs it can’t patch against ‘ZombieLoad’ exploits

By

Apple iMac 2019
There’s only so much Apple can do without Intel’s help.
Photo: Apple

Apple has published a list of Macs that are still vulnerable to “ZombieLoad” exploits because they cannot be patched.

The older machines — all made before 2011 — may receive security updates, Apple says. But a proper fix won’t be available because Intel won’t release the necessary microcode updates.

The ZombieLoad exploit takes advantage of a newly-discovered vulnerability in all Intel processors released since 2011. It allows attackers to acquire sensitive data temporarily stored on the chip.

Fixing the problem is complicated. Apple has already rolled out patches that mitigate the issue, but users who apply a complete fix could suffer a performance decrease of up to 40%.

Some Mac users won’t get a proper fix at all, Apple has warned.

Older Macs still vulnerable to ZombieLoad

A number of Mac models released before 2011 may remain vulnerable to ZombieLoad and similar exploits, Apple has warned. Those include:

  • MacBook (13-inch, Late 2009)
  • MacBook (13-inch, Mid 2010)
  • MacBook Air (13-inch, Late 2010)
  • MacBook Air (11-inch, Late 2010)
  • MacBook Pro (17-inch, Mid 2010)
  • MacBook Pro (15-inch, Mid 2010)
  • MacBook Pro (13-inch, Mid 2010)
  • iMac (21.5-inch, Late 2009)
  • iMac (27-inch, Late 2009)
  • iMac (21.5-inch, Mid 2010)
  • iMac (27-inch, Mid 2010)
  • Mac mini (Mid 2010)
  • Mac Pro (Late 2010)

ZombieLoad itself won’t work on these machines because they use older Intel chips. But they could be vulnerable to similar “speculative execution vulnerabilities,” Apple says, and there’s only so much Cupertino can do about it.

Intel won’t fix older processors

“These models may receive security updates in macOS Mojave, High Sierra or Sierra,” Apple explains in a new support document. But they are “unable to support the fixes and mitigations due to a lack of microcode updates from Intel.”

You shouldn’t be too concerned, though. Even on newer Macs, it’s unlikely ZombieLoad and similar exploits will affect too many users.

But this is another big reason why Apple is rumored to be developing its own chips for the Mac. Relying on third-parties leads to all kinds of problems that Apple often has no control over.