News, tips, advice, support for Windows, Office, PCs & more. Tech help. No bull. We're community supported by donations from our Plus Members, and proud of it
Home icon Home icon Home icon Email icon RSS icon
  • instructions on how to enable full mitigation against Intel CPU attacks on Mac

    Posted on Alex5723 Comment on the AskWoody Lounge

    Home Forums AskWoody support Other platforms – for Windows wonks macOS for Windows wonks instructions on how to enable full mitigation against Intel CPU attacks on Mac

    This topic contains 5 replies, has 5 voices, and was last updated by

     Nathan Parker 1 week, 2 days ago.

    • Author
      Posts
    • #1635536 Reply

      Alex5723
      AskWoody Plus

      Apple : instructions on how to enable full mitigation against Intel CPU attacks on Mac, up to 40 percent performance penalty

      How to enable full mitigation for Microarchitectural Data Sampling (MDS) vulnerabilities
      This option is available for macOS Mojave, High Sierra, and Sierra after installing security updates.

      Intel has disclosed vulnerabilities called Microarchitectural Data Sampling (MDS) that apply to desktop and notebook computers with Intel CPUs, including all modern Mac computers.

      Although there are no known exploits affecting customers at the time of this writing, customers who believe their computer is at heightened risk of attack can use the Terminal app to enable an additional CPU instruction and disable hyper-threading processing technology, which provides full protection from these security issues…

      The full mitigation, which includes disabling hyper-threading, prevents information leakage across threads and when transitioning between kernel and user space, which is associated with the MDS vulnerabilities for both local and remote (web) attacks.

      Testing conducted by Apple in May 2019 showed as much as a 40 percent reduction in performance with tests that include multithreaded workloads and public benchmarks. Performance tests are conducted using specific Mac computers. Actual results will vary based on model, configuration, usage, and other factors…

      https://support.apple.com/en-gb/HT210108

      1 user thanked author for this post.
    • #1639064 Reply

      anita.yk
      Subscriber

      And Apple only uses Intel chips, right? Ugh. This is depressing enough for pc users, its worse for Mac.

      AMD is coming up roses now.

      https://www.techpowerup.com/255537/amd-confirms-its-processors-are-unaffected-by-ridl-and-fallout-vulnerabilities

      1 user thanked author for this post.
    • #1639335 Reply

      anonymous

      The fact that Meltdown and Spectre still haven’t been exploited almost 18 months since their disclosure says something – that these flaws are not easily exploitable and unless you’re handling state secrets or are a cloud service operator, you have little to worry about. I’m certainly not willing to sacrifice performance to enable any of these mitigations.

      2 users thanked author for this post.
    • #1641354 Reply

      OscarCP
      AskWoody Plus

      Here is the story of this problem, according to Wikipedia:

      https://en.wikipedia.org/wiki/Microarchitectural_Data_Sampling

      It says there that these issues were known in Intel since sometime last year. They are known now after  others, at universities in Austria (Graz UT) and Belgium (CU Leuven) found out — or finally decided to reveal their existence  — just this month, while at Intel it was decided to go along and join in the disclosure with them.

    • #1642164 Reply

      Alex5723
      AskWoody Plus

      The fact that Meltdown and Spectre still haven’t been exploited almost 18 months

      We don’t know if in the last year the thousands companies and servers that were hacked were exploited by Meltdown and Spectre or not. No one will admit to the type of hacking.

    • #1647679 Reply

      Nathan Parker
      AskWoody_MVP

      While it’s true this will enable full mitigation against the attacks, I personally don’t recommend it (since the performance hit isn’t worth it). I personally recommend only applying the security updates themselves. I’m not overly concerned about the attacks, although it’s certainly going to give Apple the extra kick to pivot away from Intel processors even faster.

      Nathan Parker

      2 users thanked author for this post.

    Please follow the -Lounge Rules- no personal attacks, no swearing, and politics/religion are relegated to the Rants forum.

    Reply To: instructions on how to enable full mitigation against Intel CPU attacks on Mac

    You can use BBCodes to format your content.
    Your account can't use Advanced BBCodes, they will be stripped before saving.