instructions on how to enable full mitigation against Intel CPU attacks on Mac

Topic

New Reply

Apple : instructions on how to enable full mitigation against Intel CPU attacks on Mac, up to 40 percent performance penalty

How to enable full mitigation for Microarchitectural Data Sampling (MDS) vulnerabilities
This option is available for macOS Mojave, High Sierra, and Sierra after installing security updates.

Intel has disclosed vulnerabilities called Microarchitectural Data Sampling (MDS) that apply to desktop and notebook computers with Intel CPUs, including all modern Mac computers.

Although there are no known exploits affecting customers at the time of this writing, customers who believe their computer is at heightened risk of attack can use the Terminal app to enable an additional CPU instruction and disable hyper-threading processing technology, which provides full protection from these security issues…

The full mitigation, which includes disabling hyper-threading, prevents information leakage across threads and when transitioning between kernel and user space, which is associated with the MDS vulnerabilities for both local and remote (web) attacks.

Testing conducted by Apple in May 2019 showed as much as a 40 percent reduction in performance with tests that include multithreaded workloads and public benchmarks. Performance tests are conducted using specific Mac computers. Actual results will vary based on model, configuration, usage, and other factors…

https://support.apple.com/en-gb/HT210108

1 user thanked author for this post.

Nathan Parker

Reply | Quote

Replies

And Apple only uses Intel chips, right? Ugh. This is depressing enough for pc users, its worse for Mac.

AMD is coming up roses now.

https://www.techpowerup.com/255537/amd-confirms-its-processors-are-unaffected-by-ridl-and-fallout-vulnerabilities

1 user thanked author for this post.

Microfix

Reply | Quote

The fact that Meltdown and Spectre still haven’t been exploited almost 18 months since their disclosure says something – that these flaws are not easily exploitable and unless you’re handling state secrets or are a cloud service operator, you have little to worry about. I’m certainly not willing to sacrifice performance to enable any of these mitigations.

2 users thanked author for this post.

OscarCP, satrow

Reply | Quote

Here is the story of this problem, according to Wikipedia:

https://en.wikipedia.org/wiki/Microarchitectural_Data_Sampling

It says there that these issues were known in Intel since sometime last year. They are known now after  others, at universities in Austria (Graz UT) and Belgium (CU Leuven) found out — or finally decided to reveal their existence  — just this month, while at Intel it was decided to go along and join in the disclosure with them.

Ex-Windows user (Win. 98, XP, 7); since mid-2017 using also macOS. Presently on Monterey 12.15 & sometimes running also Linux (Mint).

MacBook Pro circa mid-2015, 15" display, with 16GB 1600 GHz DDR3 RAM, 1 TB SSD, a Haswell architecture Intel CPU with 4 Cores and 8 Threads model i7-4870HQ @ 2.50GHz.
Intel Iris Pro GPU with Built-in Bus, VRAM 1.5 GB, Display 2880 x 1800 Retina, 24-Bit color.
macOS Monterey; browsers: Waterfox "Current", Vivaldi and (now and then) Chrome; security apps. Intego AV

Reply | Quote

anonymous wrote:

The fact that Meltdown and Spectre still haven’t been exploited almost 18 months

We don’t know if in the last year the thousands companies and servers that were hacked were exploited by Meltdown and Spectre or not. No one will admit to the type of hacking.

Reply | Quote

While it’s true this will enable full mitigation against the attacks, I personally don’t recommend it (since the performance hit isn’t worth it). I personally recommend only applying the security updates themselves. I’m not overly concerned about the attacks, although it’s certainly going to give Apple the extra kick to pivot away from Intel processors even faster.

Nathan Parker

2 users thanked author for this post.

Myst, Kirsty

Reply | Quote