Apple has posted instructions on how to fully mitigate (Microarchitectural Data Sampling) MDS vulnerabilities that affect Macs with Intel CPUs, including the recent discovered ZombieLoad Attack.
The ZombieLoad attack allows stealing sensitive data and keys while the computer accesses them. While programs normally only see their own data, a malicious program can exploit the fill buffers to get hold of secrets currently processed by other running programs. These secrets can be user-level secrets, such as browser history, website content, user keys, and passwords, or system-level secrets, such as disk encryption keys. The attack does not only work on personal computers but can also be exploited in the cloud.
Although there are no known exploits at this time, users with computers at heightened risk or who run untrusted software on their Mac can optionally enable full mitigation to prevent harmful apps from exploiting these vulnerabilities.
Facebook, Twitter, LinkedIn, Google Plus, Email, Reddit, Digg, Delicious, StumbleUpon
Facebook, Twitter, LinkedIn, Google Plus, Newsletter, App Store, YouTube