Mac ZombieLoad virus: Has your Mac been affected?

ZombieLoad is the latest in a string of serious and widespread vulnerabilities that could result in cybercriminals stealing data and anything else they want straight from a Mac’s CPU. 

What is ZombieLoad? 

Known as a side-channel attack, similar to other ones that have been uncovered - Meltdown, Spectre, and Foreshadow - ZombieLoad was discovered in 2018. It isn’t a virus as such. Instead, this is a security vulnerability that is inherent in every Intel chip manufactured since 2011. 

Since Macs have, for many years, used Intel processor chips, this makes every Mac user vulnerable to this potential weakness and the consequences of not erasing the vulnerability from your system. 

How this was discovered requires an understanding of the speculative execution process. Some of the academics involved in uncovering Meltdown and Spectre were involved in this. What they were looking into is the way that CPU components during the speculative execution process leak data. Effectively, inherent and normal inefficiencies in the ways that CPUs operate are unfortunately causing security weaknesses that could affect millions of people around the world. 

As reported at “Objective by the Sea”, a 2019 security conference, 20% of Macs are infected by PUPs — Potentially Unwanted Applications.

Within every CPU there are microarchitectural data structures. CPUs use load, store, line and fill buffers to implement fast read/writes of data being processed. These buffers are smaller caches of data that sit alongside a CPUs main cache.

Cybercriminals and hackers, and even state actors, can explore weaknesses within the flow of data, known as a Microarchitectural Data Sampling (MDS) attack. Through clever targeting of these micro caches of data, gaining access to line fill buffers can extract more data than other MDS attacks. ZombieLoad is the end result, also known as RIDL.

Here’s what ZombiLoad-type of viruses can do on your Mac:

  • Kill browser processes
  • Hijack start pages
  • Take screenshots
  • Steal data
  • Access file system
  • Terminate apps

Anyone with a Mac that has an Intel chip in that was made before 2011 is therefore vulnerable to this attack. Any Mac that has fallen victim to ZombieLoad could experience the loss of everything stored or going through a CPU at any one time being taken. This can include passwords, secret keys, personal data, private messages, pictures, and anything else a cyber criminal might want. Naturally, this isn't a vulnerability you want: it’s like leaving the house with the door unlocked, car parked outside and keys in the door ready for it to be driven away.

How to protect your Mac from ZombieLoad?

In the pursuit of seeing how high-risk this is, researchers were able to prove that even data stored on a secure Tor Browser running inside a virtual machine was vulnerable. Researchers have also found that any chips within every Mac and even cloud servers are at risk. 

Thankfully, unlike when Meltdown was discovered in January 2018, Intel hasn't been caught wondering what to do without any kind of explanation. 

Intel has been proactive and has already started to ship microcode updates, thereby protecting Macs that were potentially vulnerable to ZombieLoad and other MDS attacks. The way new CPUs work make them less vulnerable to these sort of attacks, and with the microcode update it should ensure older CPUs have caught up with newer models. 

Apple has also been proactive with macOS mini-updates to protect CPUs and ensure people can’t be further impacted by this vulnerability. Other software and hardware companies are making similar updates, including Microsoft and Linux. 

Apart from waiting for an update, you might want to clear your Mac of any potentially security vulnerabilities. One way to do that is with an app designed to identify and safely remove viruses and other cyber threats.

How to remove ZombieLoad from a Mac? 

One way to remove MDS attacks, malware, spyware, and other viruses is with CleanMyMac X. 

CleanMyMac X is a powerful malware removal tool. It also works to improve the performance of a Mac, clearing out unwanted files and duplicates. Mac users often have up to 62GB of data they don't need, slowing down overall performance. With CleanMyMac X, your Mac runs as good as new and if you’ve got any malware infections, here is how you remove them: 

  1. Download CleanMyMac X;
  2. Click on the Malware Removal tab; 
  3. It will scan for ZombieLoad and any other cyber threat; 
  4. CleanMyMac X will show you what your Mac is infected with; 
  5. Click Remove and they will vanish for good.

CleanMyMac X is a powerful Mac malware removal tool. We keep a close eye on emerging - and legacy - cyber threats, malware, adware and viruses and ensure that Mac users can remove them as soon as they appear.

ZombieLoad and other MDS threats need removing as quickly as possible. They are about as dangerous as cyber threats come and are some of the most high-risk and common given that they can live deep within a computers architecture and can override all of the normal security systems in place designed to protect people and software. Take action immediately if you are concerned your CPU might have been compromised.

Laptop with CleanMyMac
CleanMyMac X

Your Mac. As good as new.