ZombieLoad is an attack that uses a vulnerability in the so called “speculative execution” of a different process running on the same core of the processor.

Imagine that the processor running code is a car going down a street. Every once in a while, it comes to an intersection where it has to turn left or right. The car does not yet know this though – it has to look it up first, and until then it’s just standing still.

With speculative execution, the car will create a ghost car which will guess which direction is right. Once it finds out which direction is right a little bit later, it will either warp to the ghost car, or it’ll delete the ghost and start over from the intersection, going in the right direction this time.

Hyperthreading allows another car to drive in the same city. They can normally not see each other – but with ZombieLoad, they can see the ghosts. And by observing where these ghosts are going, malware can possibly find out what it’s doing and extract sensitive data.

> Should I, an average computer user, be worried? I’m reading that installing the patch could slow my Mac down by up to 40%?

As far as I know, the vulnerability isn’t as problematic for end-users as it is for companies using cloud services such as Microsoft Azure or Amazon Web Services to run their software, possibly with sensitive data. But I’m not a security expert, so I don’t want to give you any recomendations about what to do in this case.