Back in January 2018, news of the Spectre and Meltdown vulnerabilities took the world by surprise. Several independent research groups began publishing details about the speculative execution vulnerabilities. The flaws affected various processor architectures, most notably Intel, but also AMD, and even ARM-based processors like those found in iPhones and iPads. (Today’s Apple silicon-based Macs with M1 and M2 processors are also ARM-based.)
As we noted at the time, the world was just beginning to understand speculative execution flaws; it was only a matter of time before similar flaws were discovered. Sure enough, more have been discovered since then, including SPOILER, though few have directly impacted Macs.
On August 9, 2023, researcher Daniel Moghimi spoke at the Black Hat USA 2023 conference and shared details about a new speculative execution vulnerability: Downfall (CVE-2022-40982). Moghimi reported the vulnerability to Intel nearly one year ago, in August 2022, and kept the details under embargo until now.
Here’s what Mac users should know about this vulnerability.
By exploiting Downfall, attackers can read data in the computer’s memory that “should not normally be accessible.” According to Moghimi:
“A hacker can target high-value credentials such as passwords and encryption keys. Recovering such credentials can lead to other attacks that violate the availability and integrity of computers in addition to confidentiality.”
Moghimi says that such attacks are “highly practical.” In just two weeks, he was able to create “an end-to-end attack stealing encryption keys from OpenSSL.”
What’s worse, Moghimi says that it’s theoretically possible for an attacker-controlled Web page to remotely exploit the vulnerability on a victim’s computer.
In other words, proper exploitation of Downfall can cause some serious havoc; one shouldn’t take it lightly.
Intel has released microcode updates for affected processors. Dell, Lenovo, and other manufacturers have begun to release BIOS updates for affected PCs.
But Apple—which sold potentially affected Intel-based Macs from 2015 through 2023—has not yet confirmed whether Macs are directly impacted. Moghimi doesn’t speculate about this; rather, he links to a Macworld article that does the speculation for him. Macworld, for its part, reached out to Apple, but the company has not yet responded. Intego has also contacted Apple but has not received a response yet; we’ll update this article if Apple replies.
So, at this point, it’s not entirely clear whether Downfall directly affects Intel-based Macs. We may never know unless Apple confirms it and releases patches. (More on that later.)
Based on the information that has been made available so far, the following Macs could potentially be impacted by the Downfall vulnerability:
Each of these Macs has a potentially affected Intel processor from the 6th–10th generation (Skylake, Kaby Lake, Coffee Lake, Amber Lake, Cascade Lake, Ice Lake, or Comet Lake).
Although Downfall also affects 11th generation Intel processors, Apple had stopped releasing new Intel-based Mac models before this generation’s debut in 2021.
Apple finally stopped selling Intel-based Macs (at least as “new” products) this year; it discontinued the Mac mini (2018) in January, and the Mac Pro (2019) in June 2023.
Firmware updates are the Mac’s equivalent of BIOS updates. For the past several years, Apple has bundled Mac firmware updates with macOS updates; they’re not available as separate downloads. Firmware updates are installed automatically, as needed, as part of the macOS patching process.
It may be safe to assume that Apple has not yet released updates to address Downfall for any Macs. There’s no mention of CVE-2022-40982 or Downfall on Apple’s security updates page or its support site. Now that the general public has known about the vulnerability for more than a week, and most major PC hardware manufacturers have released statements, Apple’s silence hints that it likely hasn’t silently bundled patches with past macOS updates.
But macOS Sonoma is right around the corner. It only supports certain Mac models released in 2018 or later (aside from the iMac Pro, which only has a single model released in 2017; it’s the only 2017 Mac that officially supports Sonoma).
That might mean that, even if Apple releases firmware updates to mitigate Downfall, the other 2015, 2016, and 2017 Mac models might not get any updates.
If that’s the case, then those 2015–2017 models could be stuck with a perpetual hardware vulnerability. (Of course, not being able to run macOS Sonoma also leaves them at risk anyway, because Apple doesn’t fully patch the two previous macOS versions.)
Again, at this point we can only speculate about which models may be vulnerable to Downfall, and what Apple might do about it. We’ll have to wait and see whether Apple acknowledges the problem and how it decides to handle it.
We briefly talked about the Downfall vulnerability on episode 305 of the Intego Mac Podcast.
You can read our write-ups about the first major speculative execution vulnerabilities, Meltdown and Spectre, as well as a later attack called SPOILER.
By the way, Apple never did release a statement about SPOILER, or patches to mitigate it. To this day, it remains unclear whether Macs were impacted.