ESET Research discovers Mozilla and Windows zero day & zero click vulnerabilities exploited by Russia-aligned RomCom APT group

  • ESET researchers discovered two previously unknown vulnerabilities, one in Mozilla and the other in Windows, being exploited by the Russia-aligned RomCom advanced persistent threat (APT) group.
  • Analysis of the exploit led to the discovery of the first vulnerability, now assigned CVE-2024-9680: a use-after-free bug in the animation timeline feature in Firefox. ESET reported the vulnerability to Mozilla on October 8, 2024; it was patched within a day.
  • This critical vulnerability has a score of 9.8 out of 10.
  • Further analysis revealed another zero-day vulnerability in Windows: a privilege escalation bug, now assigned CVE-2024-49039, that allows code to run outside of Firefox’s sandbox. Microsoft released a patch for this second vulnerability on November 12, 2024.
  • The two zero-day vulnerabilities chained together armed RomCom with an exploit that requires no user interaction other than browsing to a specially crafted website.
  • Potential victims who visited websites hosting the exploit were located mostly in Europe and North America.

MONTREAL, BRATISLAVA, November 26, 2024 — ESET researchers discovered a previously unknown vulnerability, CVE-2024-9680, in Mozilla products, exploited in the wild by Russia-aligned APT group RomCom. Further analysis revealed another zero-day vulnerability in Windows: a privilege escalation bug, now assigned CVE-2024-49039. In a successful attack, if a victim browses a web page containing the exploit, an adversary can run arbitrary code – without any user interaction required (zero click) – which in this case led to the installation of RomCom’s backdoor on the victim’s computer. The backdoor used by the group is capable of executing commands and downloading additional modules to the victim’s machine. The Mozilla-related critical vulnerability discovered by ESET Research on October 8 has a CVSS score of 9.8 on a scale from 0 to 10. In 2024, RomCom struck in Ukraine and other European countries, as well as the United States. According to our telemetry, from October 10, 2024 to November 4th, 2024, potential victims who visited websites hosting the exploit were located mostly in Europe and North America.

On October 8, 2024, ESET researchers discovered vulnerability CVE-2024-9680. It is a use-after-free bug in the animation timeline feature in Firefox. Mozilla patched the vulnerability on October 9, 2024. Further analysis revealed another zero-day vulnerability, in Windows: a privilege escalation bug, now assigned CVE-2024-49039, that allows code to run outside Firefox’s sandbox. Microsoft released a patch for this second vulnerability on November 12, 2024.

The vulnerability CVE-2024-9680 discovered on October 8 allows vulnerable versions of Firefox, Thunderbird, and the Tor Browser to execute code in the restricted context of the browser. Chained with the previously unknown vulnerability in Windows, CVE-2024-49039, which has a CVSS score of 8.8, arbitrary code can be executed in the context of the logged-in user. Chaining together two zero-day vulnerabilities armed RomCom with an exploit that requires no user interaction. This level of sophistication demonstrates the threat actor’s intent and means to obtain or develop stealthy capabilities. Furthermore, successful exploitation attempts delivered the RomCom backdoor in what looks like a widespread campaign.

RomCom (also known as Storm-0978, Tropical Scorpius, or UNC2596) is a Russia-aligned group that conducts both opportunistic campaigns against selected business verticals and targeted espionage operations. The group’s focus has shifted to include espionage operations collecting intelligence, in parallel with its more conventional cybercrime operations. In 2024, ESET discovered cyberespionage and cybercrime operations of RomCom against governmental entities, defense, and energy sectors in Ukraine; the pharmaceutical and insurance sectors in the US; the legal sector in Germany; and governmental entities in Europe.

“The compromise chain is composed of a fake website that redirects the potential victim to the server hosting the exploit, and should the exploit succeed, shellcode is executed that downloads and executes the RomCom backdoor. While we don’t know how the link to the fake website is distributed, if the page is reached using a vulnerable browser, a payload is dropped and executed on the victim’s computer with no user interaction required,” says ESET researcher Damien Schaeffer, who discovered both vulnerabilities. “We would like to thank the team at Mozilla for being very responsive and to highlight their impressive work ethic to release a patch within a day,” he adds. Each vulnerability was fixed by, respectively, Mozilla and Microsoft.

This is at least the second time that RomCom has been caught exploiting a significant zero-day vulnerability in the wild, after the abuse of CVE-2023-36884 via Microsoft Word in June 2023.

For a more detailed analysis and technical breakdown of the discovered vulnerabilities, check out the latest ESET Research blogpost “RomCom exploits Firefox and Windows zero days in the wild” on WeLiveSecurity.com. Make sure to follow ESET Research on Twitter (today known as X) for the latest news from ESET Research.

Heatmap of potential victims

About ESET
For 30 years, ESET® has been developing industry-leading IT security software and services for businesses and consumers worldwide. With solutions ranging from endpoint security to encryption and two-factor authentication, ESET’s high-performing, easy-to-use products give individuals and businesses the peace of mind to enjoy the full potential of their technology. ESET unobtrusively protects and monitors 24/7, updating defenses in real time to keep users safe and businesses running without interruption. Evolving threats require an evolving IT security company. Backed by R&D facilities worldwide, ESET became the first IT security company to earn 100 Virus Bulletin VB100 awards, identifying every single “in-the-wild” malware without interruption since 2003.

About Version 2 Digital

Version 2 Digital is one of the most dynamic IT companies in Asia. The company distributes a wide range of IT products across various areas including cyber security, cloud, data protection, end points, infrastructures, system monitoring, storage, networking, business productivity and communication products.

Through an extensive network of channels, point of sales, resellers, and partnership companies, Version 2 offers quality products and services which are highly acclaimed in the market. Its customers cover a wide spectrum which include Global 1000 enterprises, regional listed companies, different vertical industries, public utilities, Government, a vast number of successful SMEs, and consumers in various Asian cities.

VPC best practices: How to secure access and strengthen your cloud

Summary: VPC best practices help keep your cloud safe. Set up secure configurations, control access, monitor traffic, and encrypt data. Regular reviews improve security and performance.

Virtual private clouds (VPCs) are virtualized cloud environments hosted on public cloud infrastructure. We use VPCs to create self-contained cloud environments with robust security protection. If you need to guard sensitive data or segment cloud assets, VPC solutions could be the best option.

A VPC also has financial benefits. When we compare virtual private cloud vs. private cloud solutions, virtualized hosting almost always cuts costs (and often improves performance).

If you choose to deploy a VPC, it’s vital to do so securely. VPCs are always vulnerable without the correct access controls and other security measures. This article will explore VPC security in more depth, including VPC security best practices to lock down your cloud-hosted assets.

Importance of securing VPC

VPC security matters because cloud security failures have dire consequences. Cloud attacks are also increasingly common. According to IBM’s Cost of a Data Breach Report 2024, 82% of breaches involved cloud-stored data.

In the same year, companies admitted losing over 1 billion customer records to data thieves. One of the largest attacks targeted cloud data hosting company Snowflake, leaking records from AT&T, Ticketmaster, and even banking giant Santander.

Not all cloud deployments are equal. Comparisons between private cloud and public cloud solutions show that private cloud deployments protect data more efficiently. And virtual private clouds can be even more robust. Even so, unsecured cloud data is always at risk.

Despite these risks, confusion remains about who handles VPC security. Many companies assume their cloud vendor handles all security, so they set up their cloud service and forget about it. This is a mistake. Cloud security is a shared responsibility.

Vendors secure underlying infrastructure, including barriers between VPC instances. Users must secure access to cloud-hosted assets, including VPCs. Without robust controls, outsiders can breach VPCs and easily access data.

VPC best practices for security

Securing every VPC is critically important. There is no room for complacency, whether you handle protected health information or financial records. Fortunately, you can cut data breach risks by applying VPC security fundamentals.

What is VPC security all about? The list below includes security best practices to guide your virtual cloud deployment.

1. Configure your VPC securely

VPC security begins with configuration settings, including network segmentation, route tables, and network access control lists (NACLs).

VPC architecture enables basic segmentation via classless inter-domain routing (CIDR) blocks and subnets. CIDR blocks specify the number and range of allowable IP addresses on each VPC. Subnets are logically connected groups of IP addresses within the VPC and can be public or private.

A public subnet retains direct internet connectivity, creating an access risk if the subnet relates to sensitive resources. A private subnet lets you separate sensitive resources from other VPC assets and the public internet. This is a more secure VPC design solution.

VPC configuration should also consider the role of route tables and access control lists. These tools filter access requests and complement each other in VPC architecture.

Route tables record IP addresses linked to private subnets. They route traffic to connected assets, preventing general access to other resources.

Network access control lists (ACLs) define which users can enter a VPC subnet. When creating a VPC, check the default ACL settings. Most platforms allow all inbound and outbound traffic. Custom ACLs let you approve legitimate users, adding an extra layer of network security.

Finally, security groups logically group users and VPC assets. They also tend to have default settings that you can customize as needed. Check port, protocol, and IP addresses, and modify default security group configurations to suit your needs.
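One way to carry out the default-settings check described in this section, as an added example that is not part of the original article: the script audits network ACL entries and security group rules for catch-all allows from any address. It assumes input shaped like the JSON returned by `aws ec2 describe-network-acls` and `aws ec2 describe-security-groups`; the sample data, resource IDs, and the sensitive-port list are constructed for illustration.

```python
import ipaddress

# Ports treated as sensitive here are an assumption; adjust to your own policy.
SENSITIVE_PORTS = {22: "SSH", 3306: "MySQL", 3389: "RDP", 5432: "PostgreSQL"}

def _entry(num, egress, action, cidr="0.0.0.0/0", proto="-1"):
    """Build one constructed NACL entry in the describe-network-acls shape."""
    return {"RuleNumber": num, "Egress": egress, "Protocol": proto,
            "RuleAction": action, "CidrBlock": cidr}

# Constructed sample: a default-style ACL that allows everything, and a
# custom ACL that only admits HTTPS from inside the VPC range.
SAMPLE_NACLS = {"NetworkAcls": [
    {"NetworkAclId": "acl-0example1", "Entries": [
        _entry(100, False, "allow"), _entry(32767, False, "deny"),
        _entry(100, True, "allow"), _entry(32767, True, "deny")]},
    {"NetworkAclId": "acl-0example2", "Entries": [
        dict(_entry(100, False, "allow", "10.0.0.0/16", "6"),
             PortRange={"From": 443, "To": 443}),
        _entry(32767, False, "deny")]},
]}

# Constructed sample security groups in the describe-security-groups shape.
SAMPLE_GROUPS = {"SecurityGroups": [
    {"GroupId": "sg-0example1", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},
        {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}]}]},
    {"GroupId": "sg-0example2", "IpPermissions": [
        {"IpProtocol": "-1", "IpRanges": [{"CidrIp": "10.0.1.0/24"}]}]},
    {"GroupId": "sg-0example3", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 0, "ToPort": 65535,
         "Ipv6Ranges": [{"CidrIpv6": "::/0"}]}]},
]}

def catch_all_version(cidr):
    """Return 4 or 6 when cidr is 0.0.0.0/0 or ::/0, otherwise None."""
    if not cidr:
        return None
    net = ipaddress.ip_network(cidr, strict=False)
    return net.version if net.prefixlen == 0 else None

def audit_nacls(doc):
    """Flag ACLs whose first catch-all rule (per direction) is an allow."""
    findings = []
    for acl in doc["NetworkAcls"]:
        for egress in (False, True):
            # NACL rules are evaluated in ascending rule-number order and the
            # first match wins, so only the first catch-all per IP version counts.
            rules = sorted((e for e in acl["Entries"] if e["Egress"] == egress),
                           key=lambda e: e["RuleNumber"])
            seen = set()
            for rule in rules:
                cidr = rule.get("CidrBlock") or rule.get("Ipv6CidrBlock")
                version = catch_all_version(cidr)
                if rule["Protocol"] != "-1" or version is None or version in seen:
                    continue
                seen.add(version)
                if rule["RuleAction"] == "allow":
                    findings.append((acl["NetworkAclId"],
                                     "egress" if egress else "ingress",
                                     f"rule {rule['RuleNumber']} allows all traffic"))
    return findings

def audit_security_groups(doc):
    """Flag inbound rules that expose everything, or sensitive TCP ports, to any address."""
    findings = []
    for sg in doc["SecurityGroups"]:
        for perm in sg.get("IpPermissions", []):
            cidrs = [r["CidrIp"] for r in perm.get("IpRanges", [])]
            cidrs += [r["CidrIpv6"] for r in perm.get("Ipv6Ranges", [])]
            if not any(catch_all_version(c) for c in cidrs):
                continue  # source is restricted to specific ranges
            if perm["IpProtocol"] == "-1":
                findings.append((sg["GroupId"],
                                 "all protocols and ports open to any address"))
                continue
            if perm["IpProtocol"] not in ("tcp", "6"):
                continue
            lo, hi = perm.get("FromPort", 0), perm.get("ToPort", 65535)
            exposed = [name for port, name in sorted(SENSITIVE_PORTS.items())
                       if lo <= port <= hi]
            if exposed:
                findings.append((sg["GroupId"],
                                 "open to any address: " + ", ".join(exposed)))
    return findings

if __name__ == "__main__":
    for finding in audit_nacls(SAMPLE_NACLS) + audit_security_groups(SAMPLE_GROUPS):
        print(*finding, sep=" | ")
```

The HTTPS rule on `sg-0example1` is deliberately not reported, since a public web listener is a legitimate exposure; only the catch-all and sensitive-port rules are.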

2. Securing access

Securing access is probably the most important VPC security best practice. Identity and Access Management (IAM) for VPCs includes internal and external controls. Both are critical in VPC security.

Internal controls define how users act inside the VPC perimeter. Platforms like Amazon Web Services use security groups to assign permissions for all users. Following the principle of least privilege (PoLP), permissions should enable access to essential resources while blocking access to everything else.

Access controls must also filter traffic originating outside the VPC.

NordLayer can help you manage external VPC access by network users. Our tools allow VPC users to implement flexible, lightweight, yet powerful controls for all users. VPN coverage links to VPC private gateways, concealing endpoints from external actors.

Remote workers can connect securely via our site-to-site VPN that encrypts VPC connections. Device posture management approves only compliant user devices, while multi-factor authentication guards against common credential theft attacks.

Secure API access is also vital. Services like AWS VPC Link create secure gateways for API calls. Avoid exposed VPC endpoints at all costs, as API exploits are a common route into cloud environments.

3. Monitor traffic on your VPC

In most cases, cloud service providers offer built-in security monitoring tools as part of the package. Reliable VPC traffic monitoring tracks security threats, unexplained behavior, and possible performance issues. VPC flow logs allow you to achieve these goals.

Flow logs record IP traffic within VPC perimeters. You can link them to specific security groups and track metrics like refused connection requests. With high-quality tracking data, you can detect intrusions rapidly and take action to protect critical data.

When this type of monitoring is not provided by default, clients can turn to third-party providers for more support.

VPC flow logs also help you diagnose security group configuration issues. Flow data helps detect excessively restrictive group identities that block vital traffic.
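The two uses of flow logs described above, as an added example that is not part of the original article: it parses records in the AWS default flow log format, reports sources whose rejected connections span many destination ports, and reports rejected traffic from inside the VPC to ports the workload is expected to serve (a hint that a rule is too restrictive). The log lines, the VPC range, the expected-port set, and the threshold are constructed assumptions.

```python
import ipaddress
from collections import defaultdict

# Field order of the AWS default (version 2) flow log format.
FIELDS = ("version account_id interface_id srcaddr dstaddr srcport dstport "
          "protocol packets bytes start end action log_status").split()

# Assumptions for this illustration.
VPC_CIDR = ipaddress.ip_network("10.0.0.0/16")   # address range of the VPC
EXPECTED_PORTS = {443, 5432}                     # ports the workload should serve
SCAN_PORT_THRESHOLD = 4                          # distinct rejected ports per source

# Constructed sample records; none come from a real environment.
SAMPLE_LOG = """\
version account-id interface-id srcaddr dstaddr srcport dstport protocol packets bytes start end action log-status
2 123456789012 eni-0example1 198.51.100.7 10.0.1.10 40001 22 6 1 40 1700000000 1700000060 REJECT OK
2 123456789012 eni-0example1 198.51.100.7 10.0.1.10 40002 23 6 1 40 1700000000 1700000060 REJECT OK
2 123456789012 eni-0example1 198.51.100.7 10.0.1.10 40003 3389 6 1 40 1700000000 1700000060 REJECT OK
2 123456789012 eni-0example1 198.51.100.7 10.0.1.10 40004 445 6 1 40 1700000000 1700000060 REJECT OK
2 123456789012 eni-0example1 198.51.100.7 10.0.1.10 40005 8080 6 1 40 1700000000 1700000060 REJECT OK
2 123456789012 eni-0example1 203.0.113.9 10.0.1.10 51000 443 6 12 5200 1700000000 1700000060 ACCEPT OK
2 123456789012 eni-0example1 203.0.113.9 10.0.1.10 51001 22 6 1 40 1700000000 1700000060 REJECT OK
2 123456789012 eni-0example3 10.0.2.15 10.0.3.20 33010 5432 6 1 60 1700000000 1700000060 REJECT OK
2 123456789012 eni-0example3 10.0.2.15 10.0.3.20 33011 5432 6 1 60 1700000060 1700000120 REJECT OK
2 123456789012 eni-0example3 10.0.2.15 10.0.3.20 33012 5432 6 1 60 1700000120 1700000180 REJECT OK
2 123456789012 eni-0example1 10.0.2.15 10.0.1.10 33020 443 6 8 3100 1700000000 1700000060 ACCEPT OK
2 123456789012 eni-0example2 - - - - - - - 1700000000 1700000060 - NODATA
"""

def parse_record(line):
    """Return one flow record as a dict, or None for headers and non-data lines."""
    parts = line.split()
    if len(parts) != len(FIELDS) or parts[0] == "version":
        return None
    rec = dict(zip(FIELDS, parts))
    # NODATA and SKIPDATA records carry "-" placeholders instead of traffic fields.
    if rec["log_status"] != "OK":
        return None
    rec["srcport"], rec["dstport"] = int(rec["srcport"]), int(rec["dstport"])
    return rec

def analyze(log_text):
    """Summarise REJECT records into scan-like sources and blocked internal flows."""
    rejected_ports = defaultdict(set)     # source -> distinct rejected dst ports
    blocked_internal = defaultdict(int)   # (src, dst, port) -> reject count
    for line in log_text.splitlines():
        rec = parse_record(line)
        if rec is None or rec["action"] != "REJECT":
            continue
        rejected_ports[rec["srcaddr"]].add(rec["dstport"])
        # A reject between VPC hosts on an expected service port suggests a
        # security group or NACL rule that is tighter than intended.
        if (ipaddress.ip_address(rec["srcaddr"]) in VPC_CIDR
                and rec["dstport"] in EXPECTED_PORTS):
            key = (rec["srcaddr"], rec["dstaddr"], rec["dstport"])
            blocked_internal[key] += 1
    scanners = {src: sorted(ports) for src, ports in rejected_ports.items()
                if len(ports) >= SCAN_PORT_THRESHOLD}
    return {"scanners": scanners, "blocked_internal": dict(blocked_internal)}

if __name__ == "__main__":
    report = analyze(SAMPLE_LOG)
    for src, ports in report["scanners"].items():
        print(f"possible scan from {src}: rejected on ports {ports}")
    for (src, dst, port), count in report["blocked_internal"].items():
        print(f"internal traffic blocked: {src} -> {dst}:{port} ({count} rejects)")
```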

VPC users should also take advantage of monitoring integrations where possible. CloudTrail and CloudWatch are, for example, specific AWS services that provide logging and monitoring, respectively, within AWS environments.

  • CloudWatch makes flow logs even more powerful, offering real-time alerts and data insights. Use it to create customized security rules for resources and monitor performance at a granular level.
  • CloudTrail generates activity logs across the VPC. This makes it vital for accurate audits and tracing of malicious user requests.

4. Use secure VPC peering

A VPC peer link enables you to connect many VPCs for data transfers, load balancing, or to ensure optimal performance. Peering establishes a direct VPC peer link via private IPv4 or IPv6 addresses. This boosts security as a VPC peer link does not rely on the public internet to connect resources. Data flows stay within secure VPC boundaries.

Use peering to connect applications or to create secure links with other VPCs (for instance, systems managed by third-party suppliers).

When peering VPCs, check that route tables comply with your security policies. Limit routing to private subnets, instead of allowing direct connections between the CIDR blocks of VPC peers.

5. Encrypt data within the VPC

Encryption should protect data at rest within VPCs and data in transit between VPCs or across the network perimeter. VPC platforms like IBM or Amazon AWS provide native encryption for at-rest data. Users can manage encryption keys, deciding who can decrypt data and who is denied access.

VPC platforms generally do not encrypt traffic entering or leaving the VPC. This is the user’s responsibility, and there are a couple of options.

Firstly, AWS offers Direct Connect. This creates secure direct connections to AWS private gateways. Direct connections do not use the public internet. They tend to have low latency, ensuring high speeds and reliability.

Cloud and site-to-site VPNs could be better solutions. This can cause confusion, as users sometimes incorrectly treat VPC and VPN technology as opposing choices. VPNs create encrypted tunnels for inbound and outbound data. They complement VPCs by securing connections over the public internet.

For example, NordLayer’s business VPN creates secure connections to VPCs over the public internet. This suits remote workers, providing flexibility and secure connectivity.

Always-on VPN functionality also encrypts every connection to the VPC. There are no loose ends. Users share the same encrypted tunnel, no matter where they log on.

6. Optimize cost and performance

Performance and cost optimization assist security by limiting the number of exposed endpoints and allowing only essential network traffic.

Here are some suggestions to keep the cost of VPC deployments down:

  • Plan the size and number of VPCs. Leave some room for growth, but don’t buy more capacity than you reasonably need. Most solutions enable scaling as your operations expand, and excess capacity can be costly.
  • Don’t add extra VPCs if VPC sharing works. Sharing works well when you need to segment resources at an account level. New VPCs should logically segment your business resources. You don’t need a VPC for each team.
  • Minimize the need for NAT gateways. VPC hosts charge for additional gateways, and every extra endpoint raises data breach risks. Centralized private gateways are more secure and probably more cost-effective. Low-risk assets can also sit behind public gateways – which incur very low or zero fees.
  • Manage the use of IP addresses in your VPC. Elastic IPs and standard IP addresses incur extra costs. Ensure you utilize all assigned IP addresses. This doesn’t just cut costs. It also limits the scope for external cyber-attacks.
  • Business VPNs also reduce overall security costs. Amazon charges a fee for VPN coverage or Direct Connect. You can achieve comparable security via NordLayer’s VPN (which covers other network assets as well).

Optimizing traffic is just as important, allowing you to monitor data transfers and user activity on each VPC (and cutting costs).

  • Use IP management tools to keep tabs on assigned and unused addresses.
  • Keep low-risk workload components within the same Availability Zone. This cuts the need for expensive data transfers.
  • Use multiple Availability Zones to host critical assets. Redundancy hedges against AZ outages, keeping resources available at all times.
  • Take advantage of flow logs to detect bottlenecks or routing issues.

Ensure secure cloud access with NordLayer

Whatever deployment type you choose, NordLayer can help secure access to VPC environments with features like Site-to-Site VPN. Employees can connect securely to VPC through Virtual Private Gateways, whether working from the office, home, or other remote locations. The connection is encrypted, and users’ personal IP addresses stay masked for added privacy.

Additional security features include multi-factor authentication (MFA), Device Posture Security to block unauthorized devices, and Cloud Firewall to create network access rules. These tools ensure that only authorized users and devices can reach your VPC without requiring Direct Connect or AWS VPN.

To find out more, check out NordLayer’s pricing page or get in touch with our Sales Team to discuss VPC solutions.

Alternatively, why not sign up with NordLayer as an MSP partner? Our partner program generates consistent revenues for members. As a cybersecurity partner, you will also benefit from NordLayer’s security expertise. Earn revenue and improve your VPC security posture by signing up today.

About NordLayer
NordLayer is an adaptive network access security solution for modern businesses – from the world’s most trusted cybersecurity brand, Nord Security.

The web has become a chaotic space where safety and trust have been compromised by cybercrime and data protection issues. Therefore, our team has a global mission to shape a more trusted and peaceful online future for people everywhere.


Is SD-WAN Dead? Why SD-WAN Still Matters in Hybrid and Remote Work Environments

Introduction

Quick Answer: SD-WAN isn’t dead—it’s evolving. As businesses embrace hybrid work and lean towards security-driven solutions, SD-WAN remains essential. But it’s now frequently integrated with robust security frameworks like Secure Access Service Edge (SASE) and Zero Trust Network Access (ZTNA) to meet modern demands for secure, adaptable connectivity.

Sdwan evolution infographic

Why SD-WAN Still Plays a Key Role in Today’s Networks

SD-WAN (Software-Defined Wide Area Network) is a powerful tool for managing and optimizing network traffic, especially as businesses scale across branch offices, remote users, and cloud environments. Initially, SD-WAN gained popularity by helping organizations manage traffic across multiple network connections, making it easier and cheaper to access cloud applications and other remote resources without relying on costly MPLS networks. Even today, SD-WAN remains highly relevant for providing flexibility, connectivity, and performance.

However, the role of SD-WAN is evolving. More organizations are moving towards integrated solutions that combine SD-WAN with security tools, like Next-Generation Firewalls (NGFW) and SASE. This shift allows companies to secure their networks and streamline operations, helping them address the needs of a more distributed workforce. Research shows SD-WAN’s market growth is steady, with analysts forecasting a 16.8% compound annual growth rate (CAGR) through 2027. SD-WAN is adapting, not disappearing.

What’s “Coffee Shop Networking” and How Does It Impact SD-WAN?


The rise of remote and hybrid work has redefined network requirements. With employees connecting from home or flexible workspaces, some businesses no longer need full-featured SD-WAN at every location. This demand for flexible, lighter connectivity options has led to what’s being called “coffee shop networking”—a model where remote users access corporate resources from various locations with minimal infrastructure.

For about 10-20% of enterprise sites, lighter SD-WAN functionality is sufficient to provide the required connectivity, allowing businesses to save on costs while maintaining reliable access. For these cases, streamlined SD-WAN services can offer just enough support for users working outside traditional offices. However, for industries like healthcare, retail, and manufacturing, full-featured SD-WAN remains critical due to the higher demands for network reliability and performance.

Integrating SD-WAN with Security: Why SASE and ZTNA are Essential

Integrating SD-WAN with Security graphic

As network and security needs converge, companies are moving towards integrated frameworks that combine SD-WAN with built-in security. Stand-alone SD-WAN solutions are becoming less common as organizations seek unified approaches that prioritize security and user access control. This shift is largely driven by Secure Access Service Edge (SASE), a framework that combines SD-WAN functionality with security services, allowing businesses to protect remote connections without compromising performance.

Zero Trust Network Access (ZTNA) is another important layer, enabling strict access control based on identity and device, ensuring only verified users gain network access. By integrating SD-WAN with security solutions like SASE and ZTNA, businesses create a streamlined, secure environment suitable for today’s decentralized workforce.

How Thinfinity Workspace Enhances SD-WAN with Extra Security Features

For companies looking to get even more value from their SD-WAN, Thinfinity Workspace provides enhanced security and access controls that complement traditional SD-WAN capabilities. Here’s how Thinfinity Workspace boosts SD-WAN performance:

  1. Zero Trust Network Access (ZTNA)
    Thinfinity Workspace adds ZTNA to SD-WAN, enforcing user and device-based access controls that limit network access only to authenticated users. This advanced layer of security ensures that both on-site and remote users can access resources securely, making it ideal for supporting a distributed workforce.
  2. Remote Privileged Access Management (RPAM)
    Thinfinity Workspace also includes Remote Privileged Access Management (RPAM), which provides secure, controlled access for privileged users and third-party vendors. Unlike traditional SD-WAN, which focuses on traffic routing and network performance, Thinfinity Workspace’s RPAM allows businesses to tightly control access to sensitive resources, enhancing overall security for remote and hybrid environments.

Is SD-WAN Dead? Why the Future of SD-WAN is in its Adaptability

SD-WAN is not dead; it’s evolving to meet the changing demands of hybrid work and distributed teams. Organizations still need reliable connectivity across branch locations and cloud applications, especially in a world where secure access is critical. By adapting to include features like SASE and ZTNA, SD-WAN continues to play an essential role in enterprise networking, while tools like Thinfinity Workspace add even more flexibility, security, and control.

Conclusion

SD-WAN remains a valuable solution for enterprises looking to manage and secure their networks in today’s hybrid work environment. By integrating with security frameworks like SASE, and adding advanced capabilities through Thinfinity Workspace, businesses can keep their networks adaptable, secure, and prepared for the future.

About Cybele Software Inc.
We help organizations extend the life and value of their software. Whether they are looking to improve and empower remote work or turn their business-critical legacy apps into modern SaaS, our software enables customers to focus on what’s most important: expanding and evolving their business.


Scale Computing’s Katie Beezley Named to CRN’s 2024 Channel Women on the Rise!

We’re thrilled to celebrate Katie Beezley, our Senior Marketing Events Manager, for her well-deserved recognition as a rising leader in the IT channel! Katie has been named to CRN’s prestigious 2024 Channel Women on the Rise list—a testament to her dedication, innovation, and the incredible impact she’s had on both Scale Computing and our valued partner community.

A seasoned marketing professional with over a decade of experience, Katie excels at crafting engaging, impactful events that drive business growth and customer engagement. From orchestrating large-scale conferences to developing the strategic plans that support them, she brings a wealth of expertise to the table. Katie’s inclusion on the esteemed CRN list is a testament to her exceptional talent and the impact she’s had on both Scale Computing and the wider IT channel.

This year, Katie’s leadership shone through in the planning and execution of our flagship partner and customer event, Scale Computing Platform 2024 (Platform//2024), in Las Vegas. The event offered a vibrant platform for networking, showcasing cutting-edge technologies, and delivering valuable educational sessions with industry leaders. Under Katie’s meticulous guidance and partner-centric approach, Platform//2024 was a resounding success, achieving a Net Promoter Score of 97 (nearly double the industry average!). The event welcomed over 700 attendees from 53 countries around the world—including over 250 members of the Scale Computing Partner Community—creating meaningful connections, fostering stronger partnerships, and bolstering business growth. We’re excited to build on that success as Katie and the team plan for Platform//2025 and anticipate welcoming over 500 partners from the global Scale Computing Partner Community to next year’s event, held May 13-15 in Las Vegas.

“Every woman on the CRN 2024 Channel Women on the Rise list has demonstrated outstanding commitment to innovation and excellence in the IT channel,” said Jennifer Follett, Vice President of U.S. Content and Executive Editor of CRN at The Channel Company. “They are making great strides in their careers because of their dedication to advancing success for their partners and shaping the future of the channel ecosystem.”

The Scale Computing team extends our sincerest congratulations to Katie and all the remarkable women on this year’s list who are making their mark on the IT channel! The 2024 Channel Women on the Rise list will be featured online November 25th and in the December issue of CRN Magazine.

About Scale Computing 
Scale Computing is a leader in edge computing, virtualization, and hyperconverged solutions. Scale Computing HC3 software eliminates the need for traditional virtualization software, disaster recovery software, servers, and shared storage, replacing these with a fully integrated, highly available system for running applications. Using patented HyperCore™ technology, the HC3 self-healing platform automatically identifies, mitigates, and corrects infrastructure problems in real-time, enabling applications to achieve maximum uptime. When ease-of-use, high availability, and TCO matter, Scale Computing HC3 is the ideal infrastructure platform. Read what our customers have to say on Gartner Peer Insights, Spiceworks, TechValidate and TrustRadius.


Guide to Apple’s M chips: M1, M2, M3, and beyond

The M chip is perhaps Apple’s most important release in the 2020s (so far).  

Introduced in November 2020, the M1 chip was the first one designed exclusively for macOS.  

Its speed, efficiency, and power have provided a notable boost to the complete Mac experience. 

Before the M1 release, Apple used Arm technology in its iOS devices (iPhone and iPad). Arm chips were used in Macs from 2016 to 2020 and are still commonly used in Windows machines.  

Still, the M1 chip delivers faster performance and exceptional power efficiency, including a 2X longer battery life.  

Following the successful release of M1, Apple unveiled the M2 chip in 2022, the M3 chip in 2023, and the M4 chip this past May.  

It’s a safe bet that the M5 chip will be released in 2025. Of course, it’s expected to be faster than all its M series predecessors.  

Try Parallels Desktop for Mac and run all your favorite apps on the M chip Apple computers, including Windows-exclusive apps. 

What are the differences between each M chip version?

There are significant differences among M chip versions, each with generation-over-generation updates and improvements. Let’s take a closer look:  

M1 chip

Released in 2020, the first M1 chip integrates the CPU (central processing unit) with the GPU (graphics processing unit) on a single piece of silicon, enabling it to perform faster and extend the MacBook’s battery life.

Johny Srouji, Apple’s Senior Vice President of Hardware Technologies, said at the M1 announcement, “There has never been a chip like M; our breakthrough SoC (system on a chip) for the Mac.  

It builds on more than a decade of designing industry-leading chips for iPhone, iPad, and Apple Watch, and ushers in a whole new era for the Mac.”  

The M1 chip is available in MacBook Air, MacBook Pro, Mac Mini, and iMac models.  

M1 Pro

The M1 Pro offers increased performance with more CPU and GPU cores, making it 70 percent faster than the M1.  

A PC chip’s peak performance paled in comparison with the M1 Pro, which delivered 1.7x higher CPU performance while using less than 70 percent power.

The M1 Pro chip’s integrated graphics performed 7x faster than the 8-core PC laptop chip with its 16-core CPU.  

The M1 Pro is available on MacBook Pro, Mac Mini, iMac, and iPad Pro.  

M1 Max

When it launched in the fall of 2021, the M1 Max was the largest chip Apple had ever built.  

With a 10-core CPU similar to the M1 Pro, it added an impressive 32-core GPU, making its graphics processing capabilities 4x faster than the original M1.  

It performed like the highest-end GPU for the largest PC laptops but required far less power.  

The M1 Max allows for faster performance while it generates less heat and uses quiet fans.  

The M1 Max is available on MacBook Pro and MacBook Studio models.  

M1 Ultra

In the M1 series, M1 Ultra is the M chip on steroids.  

It is the UltraFusion packaging of two M1 Max dies, thus creating a powerful system on a chip.  

As a result, it produces 2.5 terabytes of bandwidth—four times higher than its competing PC.  

Mac M1 Ultra is exclusive to Mac Studio, providing access to apps designed for iPhone and iPad plus universal apps.  

M2 chip

Launching the next generation of Apple’s silicon, the M2 is exclusively designed for Macs.  

Like its M1 predecessor, it maintained its focus on power and efficiency and delivered a CPU, GPU, and Neural Engine. 

The SoC design of M2 has 50 percent more bandwidth than M1, with up to 24GB of fast unified memory, enabling it to handle larger and more complex workloads.

The M2 chip is available on MacBook Air, MacBook Pro, Mac mini, iPad Pro, and Mac Studio. 

M2 Pro

The M2 Pro is available on the Mac Mini and the MacBook Pro. 

M2 Max

M2 Max is the answer for users who run heavy media tasks.

The M2 Max was the most powerful chip Apple put in a laptop until the M2 Ultra debuted. It has the power to handle GPU-intensive tasks and machine-learning applications.

The M2 Max is available on MacBook Pro and Mac Studio. 

M2 Ultra

Inspired by its precursor, the M1 Ultra, the M2 Ultra is created from two M2 Max chips with UltraFusion technology.  

It handles scaled-up workflows: transcoding and exporting video, running intricate particle simulations, and working within 3D environments.

When the M2 Ultra chip was released in June 2023, it made the new Mac Studio and Mac Pro the most powerful Mac desktops ever released up to that point.   

The M2 Ultra is available on Mac Studio and the Mac Pro.  

M3 chip

The M3 series was released in the fall of 2023, introducing the first three-nanometer technology.  

Apple surprised the industry by releasing the three models all at once, rather than their usual practice of releasing them in waves.  

Laura Metz, director of Apple’s Mac product marketing team, stressed how important it was for the M3 series to democratize features and ensure they are accessible to all users while also building their systems for real-life workloads.   

The M3 chip series introduced the Apple 3nm (or 3-nanometer), allowing more transistors to be packed into smaller spaces while elevating speed and efficiency.  

The devices with M3 chips include the MacBook Air, MacBook Pro, and the iMac. 

M3 Pro

The M3 Pro streamlines workflows for creatives, coders, and researchers. This efficiency was accomplished by making the GPU 40 percent faster than the M1 Pro.

The MacBook Pro comes with the M3 Pro chip.  

M3 Max

The M3 Max is designed for users who run complex applications like 3D graphics and video editing, thanks to architectural improvements to its performance and efficiency cores.

M3 Ultra

Despite the success of its predecessors, the M1 and M2 Ultra, and anticipation for the M3 Ultra, Apple scrapped releasing it. Instead, they skipped over this version and went straight into the M4 chip series. 

M4 chip

In May 2024, Apple released the iPad Pro powered by an M4 chip, which is built on second-generation three-nanometer technology.

The M4 series comes with advanced machine-learning features for future software releases.  

Building on the M series legacy, the M4 offers power-efficient performance while making the iPad Pro the most powerful device of its kind.  

Devices with M4 chips include iPad Pro, iMac, Mac Mini, and the MacBook Pro. 

M5 chip

The M5 chip is anticipated for release in 2025, leaping further into performance efficiency.  

At this time, Apple has not shared what M5 will bring; however, it is expected to continue to build off the previous series.  

There is speculation that new iterations like the Pro, Max, and Ultra will follow the M5.

It is worth pointing out that all the M series chips are 100% carbon neutral, aligning with Apple’s carbon neutral plan to have net-zero climate impact across its business by 2030.   

Parallels Desktop works beautifully with M chip Macs

Parallels Desktop allows Mac users to run Windows, Linux, and more on all M chip Macs.  

As the only Microsoft-authorized solution running Windows on Macs with Intel and Apple silicon, the Parallels Desktop team continues to collaborate closely with Apple to bring our millions of users the latest updates so that they can feel confident investing in their Mac.

Elevate your Mac experience running Windows and Windows applications. Choose from over 200,000 apps to work, study, and play.  

Want to try it for yourself? Get your free trial of Parallels Desktop now.  

About Parallels 
Parallels® is a global leader in cross-platform solutions, enabling businesses and individuals to access and use the applications and files they need on any device or operating system. Parallels helps customers leverage the best technology available, whether it’s Windows, Linux, macOS, iOS, Android or the cloud.
