Apple's Instructions for Full Mitigation of Intel CPU MDS Vulnerabilities Will Decrease Performance by Up to 40%

Apple's Instructions for Full Mitigation of Intel CPU MDS Vulnerabilities Will Decrease Performance by Up to 40%

Posted by · 8758 views · Translate

Apple has posted instructions on how to fully mitigate (Microarchitectural Data Sampling) MDS vulnerabilities that affect Macs with Intel CPUs, including the recent discovered ZombieLoad Attack.

The ZombieLoad attack allows stealing sensitive data and keys while the computer accesses them. While programs normally only see their own data, a malicious program can exploit the fill buffers to get hold of secrets currently processed by other running programs. These secrets can be user-level secrets, such as browser history, website content, user keys, and passwords, or system-level secrets, such as disk encryption keys. The attack does not only work on personal computers but can also be exploited in the cloud.

Although there are no known exploits at this time, users with computers at heightened risk or who run untrusted software on their Mac can optionally enable full mitigation to prevent harmful apps from exploiting these vulnerabilities.

The full mitigation, which includes disabling hyper-threading, prevents information leakage across threads and when transitioning between kernel and user space, which is associated with the MDS vulnerabilities for both local and remote (web) attacks.

Unfortunately, Apple's testing showed a massive performance drop of up to 40% when fully mitigating the MDS vulnerabilities.

You can find Apple's instructions on enabling and disabling full mitigation for MDS in the support document linked below.

Read More


Apple's Instructions for Full Mitigation of Intel CPU MDS Vulnerabilities Will Decrease Performance by Up to 40%

NoGoodNick - May 16, 2019 at 6:22pm
Whatever you think of them, you’ve gotta be thankful for M$, because with them attracting nearly ALL the malware/ransomware development, few get around to the Macs, though EVERYONE, from trolls to governments to local and national police, purchases JB vulnerabilities to spy on whoever they can. You can’t escape it, but the wide-opened PC environment ultimately makes the rest of us safer.
joeyxxl - May 15, 2019 at 4:38pm
Fuuuuuck intel. Can’t wait for ARM based Macs.
Recent