Advanced Mac users working in particularly high-risk environments may feel the need to fully mitigate the Intel MDS processor vulnerabilities on their Macs (and on other computers, for that matter). MDS stands for microarchitectural data sampling, colloquially called “Zombieload”, and is a vulnerability in the Intel processor itself that could theoretically allow an attacker to gain access to confidential data on any vulnerable Intel-based Mac or PC. (If you follow security news closely, the Zombieload vulnerability is reminiscent of last year’s Spectre and Meltdown security flaws.)
While Apple has shipped security patches in macOS Mojave 10.14.5 and Security Update 2019-003 for High Sierra and Sierra, which should help prevent problems for most Mac users, other Mac users working in unusually high-security environments may feel the need to go further and enable full mitigation against MDS / Zombieload.
Enabling full mitigation of the Intel MDS vulnerability involves disabling hyper-threading on the processor itself, which can reduce the machine's performance by about 40%. That is obviously a serious performance hit, so the vast majority of people should not bother with this, because they are not in a threat environment that would put them at risk of being exposed to such vulnerabilities.
However, if you are particularly concerned about the attack vector of Zombieload / MDS on a Mac with an Intel processor, we will discuss below how to provide complete protection against attacks.
How to enable full protection against Zombieload / MDS on Intel Macs
Remember, to enable full mitigation for MDS / Zombieload on a Mac, you must turn off processor hyper-threading, which will cause a serious decrease in performance. The vast majority of Mac users do not have to worry about it.
Please note that the Mac must be running macOS Mojave, macOS Sierra, macOS High Sierra or newer.
First install MacOS Mojave 10.14.5, or Security Update 2019 for High Sierra, or Security Update 2019 for Sierra (or later) on Mac
Go to the Apple menu and select “Restart” to restart the Mac.
Immediately hold Ctrl + R on reboot to boot your Mac into recovery mode
When the Utilities screen appears, open the Utilities menu in the menu bar and select Terminal.
Type the following command, then press Return
nvram boot-args="cwae=2"
Then type the following command and press the return key again:
nvram SMTDisable=%01
Go to the Apple menu and select “Restart” to restart the Mac.
These guidelines for complete mitigation come directly from Apple.
How to reverse full mitigation of MDS and re-enable Hyper-Threading on Mac
If you want to undo full Zombieload / MDS mitigation and re-enable hyper-threading on the processor, you will need to reset the Mac NVRAM / PRAM to clear the specific nvram changes made for full mitigation. This is the same on all Mac models:
Turn Mac off
Turn on your Mac, then immediately hold down the COMMAND OPTION P R keys simultaneously.
Keep holding the COMMAND OPTION P R keys for 20 seconds
Release the keys when you hear the second startup sound (on Mac computers that play a startup sound) or see the Apple logo (Mac computers with a T2 chip)
The Mac will now boot as usual with NVRAM reset, hyper-threading enabled and full MDS mitigation disabled.
You can also view NVRAM variables on Mac from the command line if you are not sure what is set.
Please note that if you use a firmware password, you may need to temporarily disable it before you can effectively reset NVRAM.
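As an added example (not from Apple or the original article), the shell function below reads `nvram -p` output and reports whether both settings from the steps above are present. The function names and the sample text are constructed for illustration; it assumes `nvram -p` prints one tab-separated name/value pair per line and that the logical core count equals the physical count when hyper-threading is off.

```shell
#!/bin/sh
# Added example: report whether the two NVRAM settings from the steps above are set.
# Assumes `nvram -p` prints one "name<TAB>value" pair per line.

# Reads `nvram -p` text on stdin; prints full, partial or none.
mds_nvram_state() {
    awk -F '\t' '
        $1 == "boot-args" {
            # boot-args may hold several space-separated flags
            n = split($2, args, /[ \t]+/)
            for (i = 1; i <= n; i++) if (args[i] == "cwae=2") cwae = 1
        }
        $1 == "SMTDisable" && $2 == "%01" { smt = 1 }
        END {
            if (cwae && smt) print "full"
            else if (cwae || smt) print "partial"
            else print "none"
        }'
}

# True (exit 0) when hyper-threading is active: more logical than physical cores.
# Usage: smt_enabled <physical_cores> <logical_cores>
smt_enabled() {
    [ "$2" -gt "$1" ]
}

if [ "$(uname -s)" = "Darwin" ]; then
    # Live check on a Mac.
    echo "NVRAM settings: $(nvram -p | mds_nvram_state)"
    if smt_enabled "$(sysctl -n hw.physicalcpu)" "$(sysctl -n hw.logicalcpu)"; then
        echo "Hyper-threading: enabled"
    else
        echo "Hyper-threading: disabled"
    fi
else
    # Constructed sample of `nvram -p` output after both commands were run.
    printf 'boot-args\tcwae=2\nSMTDisable\t%%01\n' | mds_nvram_state
fi
```

A result of "partial" means only one of the two variables is set, for example after other software rewrote boot-args.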
What is MDS / Zombieload?
For more information about MDS / Zombieload, as well as the mitigation process, you can refer to the Apple Support article, which describes the risk of MDS and complete mitigation as follows:
Intel has discovered vulnerabilities called microarchitectural data sampling (MDS) that apply to desktops and laptops with Intel processors, including all modern Macs.
Although at the time of this writing there were no known exploits affecting clients, customers who believe that their computer is at increased risk of attack can use the Terminal application to enable additional CPU instructions and disable hyperthreading processing technology, which provides complete protection from these security issues.
This option is available for macOS Mojave, High Sierra and Sierra and can have a significant impact on the performance of your computer.
In addition, complete mitigation requires turning off hyper-threading on the Intel processor, which can significantly reduce performance. Apple describes it as follows:
Full mitigation, which includes disabling hyperthreading, prevents information leakage between threads and the transition between the kernel and user space, which is associated with MDS vulnerabilities for both local and remote (web) attacks.
Testing by Apple in May 2019 showed a 40 percent performance drop due to tests involving multi-threaded workloads and publicly available tests. Performance tests are conducted using specific Macs. Actual results depend on model, configuration, usage and other factors.
You may also be interested in learning more about microarchitectural data sampling (MDS) directly from Intel here at Intel.com.
Another source of information about Zombieload / MDS is the official Zombieload attack disclosure website, created by the researchers who discovered the security vulnerabilities. The following video from these security researchers demonstrates the Zombieload attack being used to collect information from the target machine, despite the use of Tor running inside a virtual machine (serious security!).
Again, most Mac (and PC) users will not have to worry too much about these security vulnerabilities and will not need to go as far as full mitigation by turning off hyper-threading. Simply installing macOS Mojave 10.14.5 or the corresponding Security Update 2019-003 for High Sierra and / or Sierra helps prevent potential risks for most Mac users. And, as always, never install sketchy or untrusted software, as this also helps greatly: almost all of these types of vulnerabilities rely on some form of malware getting onto the machine in the first place.