According to the latest report, security researchers have discovered a new vulnerability in Intel chips, and almost all chips produced since 2011 are vulnerable to their attacks. The new vulnerability, called ZombieLoad, is similar to the Meltdown and Spectre features found in the Intel chip last year.
The macOS 10.14.5 update released by Apple has fixed these vulnerabilities. ZombieLoad is actually composed of four vulnerabilities, rooted in “speculative execution” and “out-of-order execution”. The researchers said that ZombieLoad will leak all data currently loaded by the processor core.
Similar to the previous Meltdown and Spectre, it is also caused by chip design flaws, and hackers can effectively exploit this design flaw for side-channel attacks on Intel chips. Laptops affected by ZombieLoad are also vulnerable to attacks in the cloud. ZombieLoad can be triggered in a virtual machine and breaks the original isolation between the virtual machine, other virtual systems and their host devices.
There are currently no public examples of malicious use of zombie payloads, but updating Mac software is still a good idea. Intel has released a microcode update, and the microcode patch will help clear the processor’s buffer and prevent data from being read. Apple also implemented these updates in yesterday’s macOS 10.14.5, and Apple also provided ZombieLoad with security updates for the macOS High Sierra and macOS Sierra versions.