ZombieLoad attack and force updating macOS – part 2

Patching your macOS to the latest version is only a partial solution: it prevents JavaScript-based exploitation via Safari, but for now it does not resolve the issue for other browsers. When researching I ran into this article, which explains a bit more about how this works:

https://www.tugraz.at/en/tu-graz/services/news-stories/tu-graz-news/singleview/article/nach-meltdown-und-spectre-tu-graz-forscher-entdecken-neue-sicherheitsluecken0/

Store-to-Leak Forwarding

Store-to-leak forwarding also reads pre-loaded data by exploiting the efficient way in which computer processors function. “The computer assumes that I want to use the data which I have just written to the processor again right away. So it keeps it in the buffer for faster access,” explains Gruss. This functionality can also be used to determine the architecture of the computer processor and find the exact location where the operating system is running. “If I know exactly where the processor is running the operating system, then I can launch targeted attacks against flaws in the operating system.”

More Information: https://cpu.fail/store-to-leak.pdf

So the only way to fully mitigate this attack for now is to disable hyperthreading (SMT). This can be done from macOS Recovery mode:

  • Restart your Mac and hold the Command key and the R key to enter macOS Recovery mode.
  • Open the Terminal from the Utilities menu.
  • Run

    nvram boot-args="cwae=2"

  • Run

    nvram SMTDisable=%01

  • Restart the Mac.
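To confirm the state of this mitigation after the reboot (and to spot machines where the nvram variables were set but the restart never happened), here is a small added check script. It is my example, not code from this post or from the derflounder article; it assumes the two nvram variables are exactly the ones set in the steps above (`SMTDisable=%01` and a `cwae=2` entry in `boot-args`), that `nvram -p` prints one `name<TAB>value` pair per line, and that SMT counts as off when `hw.logicalcpu` equals `hw.physicalcpu`. The function names `check_smt_state` and `report_live_state` are mine.

```shell
#!/bin/sh
# Added example (not from the original post): report whether the
# hyperthreading (SMT) mitigation described above is in place on a Mac.
#
# Assumptions (mine, not the post's): the nvram variables checked are the
# two set in the recovery-mode steps (SMTDisable=%01 and boot-args
# containing cwae=2), and SMT counts as off when hw.logicalcpu equals
# hw.physicalcpu.

# check_smt_state NVRAM_TEXT PHYSICAL_CPUS LOGICAL_CPUS
# NVRAM_TEXT is the output of `nvram -p` (one "name<TAB>value" per line).
# Prints exactly one word:
#   mitigated         nvram variables set and SMT is off now
#   pending-reboot    nvram variables set but SMT still on (reboot needed)
#   smt-off-no-nvram  SMT off without the variables (e.g. CPU without HT)
#   unmitigated       neither is true
check_smt_state() {
    nvram_text=$1
    physical=$2
    logical=$3

    # Pull the two relevant variables out of the nvram dump.
    smt_flag=$(printf '%s\n' "$nvram_text" | awk '$1 == "SMTDisable" { print $2 }')
    boot_args=$(printf '%s\n' "$nvram_text" |
        awk '$1 == "boot-args" { $1 = ""; sub(/^ /, ""); print }')

    # boot-args may carry several space-separated entries; match cwae=2 whole.
    case " $boot_args " in
        *" cwae=2 "*) cwae_set=1 ;;
        *)            cwae_set=0 ;;
    esac

    if [ "$smt_flag" = "%01" ] && [ "$cwae_set" -eq 1 ]; then
        nvram_set=1
    else
        nvram_set=0
    fi

    # With SMT disabled the logical CPU count equals the physical core count.
    if [ "$logical" -eq "$physical" ]; then
        smt_off=1
    else
        smt_off=0
    fi

    if [ "$nvram_set" -eq 1 ] && [ "$smt_off" -eq 1 ]; then
        echo mitigated
    elif [ "$nvram_set" -eq 1 ]; then
        echo pending-reboot
    elif [ "$smt_off" -eq 1 ]; then
        echo smt-off-no-nvram
    else
        echo unmitigated
    fi
}

# Run the check against the live machine; on anything other than macOS the
# nvram/sysctl commands are absent, so just say so.
report_live_state() {
    if [ "$(uname -s)" != "Darwin" ]; then
        echo "not macOS: nothing to check"
        return 0
    fi
    check_smt_state "$(nvram -p 2>/dev/null)" \
        "$(sysctl -n hw.physicalcpu)" "$(sysctl -n hw.logicalcpu)"
}

# Constructed sample `nvram -p` output so check_smt_state can be exercised
# offline (these are not dumps from a real machine).
SAMPLE_NVRAM_MITIGATED=$(printf 'SMTDisable\t%%01\nboot-args\tcwae=2 -v\n')
SAMPLE_NVRAM_UNTOUCHED=$(printf 'boot-args\t-v\n')

report_live_state
```

Reading nvram does not need Recovery mode or SIP changes, so `report_live_state` can run from a normal login session or from a management agent, which makes the four-way result useful as an inventory value: a fleet where every Mac reports `mitigated` or `smt-off-no-nvram` is the one you want.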


Make sure to read this post with much more detail on why and how to do this:

https://derflounder.wordpress.com/2019/05/16/macos-hyperthreading-and-microarchitectural-data-sampling-vulnerabilities/


So if you “disable half the threads” in a Mac processor, you lose half the power. This got me thinking… do I really want to do this for all of my machines? Also, this cannot be scripted afaik.

Chrome and Firefox will be releasing updates soon (they better!) and should help.

Will you be disabling hyperthreading on your fleet?

I did get some useful feedback from people regarding forcing users to update:

Nudge – thanks to justunholt

A tool to help users with pre-existing devices upgrade their OS version.

https://github.com/erikng/nudge/blob/master/images/nudge_ss.png?raw=true

A-Kinder-macOS-Update – thanks to Taboc741

A workflow for more user-intuitive macOS updates. It allows the user to defer updates to a more convenient time after they become available, while giving IT greater assurance that security updates are being applied.
