Apple's Full ZombieLoad Fix Cuts Mac Speeds by Up to 40%
If you haven't read the news yet, another set of devastating flaws was discovered on Intel CPUs that allows hackers to steal personal data, including web browsing history, passwords and encryption keys.
Frequently referred to as ZombieLoad (or Microarchitectural Data Sampling by Intel), the security exploit is actually four distinct attacks, all with the same goal of nabbing your sensitive data.
If that sounds familiar, it's because ZombieLoad is very similar to Spectre and Meltdown, except these new vulnerabilities weren't uncovered by journalists before a coordinated disclosure by Apple, Google, Microsoft and Intel was scheduled, leaving them enough time to get patches out to defend against the bugs.
However, the software updates coming to macOS, Windows and Chrome OS may not be enough for some users. After releasing security updates in macOS Mojave 10.14.5, Apple published a support page explaining that the only way to fully mitigate ZombieLoad is to disable CPU hyper-threading. Doing so, however, could decrease your system's performance by up to 40%, according to Apple's own internal testing.
Hyper-threading is a technique used by Intel that splits a physical core into two virtual cores, or threads. This results in significant performance gains, particularly when running CPU-intensive apps or programs. When turned off, your computer must rely on only its physical cores.
Credit: Michael Schwartz/Twitter
There are conflicting arguments as to whether hyper-threading should be disabled on all computers affected by the flaw, which includes those with an Intel chip from 2011 or later. (Intel says the flaw does not affect some 8th Gen and 9th Gen CPUs; the researchers who discovered ZombieLoad and its three related vulnerabilities disagree.)
Intel specifically said that it does not recommend disabling hyper-threading because of the various factors affecting the security of individual users. Google, on the other hand, is disabling hyper-threading by default on Chrome OS 74, which rolled out earlier this month. Microsoft, like Apple, also recommended disabling the performance feature for reassurance, though it left it to users' discretion.
Apple specifies that users with "computers at heightened risk or who run untrusted software on their Mac" ("untrusted: may mean applications unavailable in the Mac App Store) can optionally disable hyper-threading. While the company didn't specify who that involves, we suspect government officials, executives or anyone with sensitive data that hackers might want to get their hands on would fall under the category.
If you're in that group or want to be extra cautious, follow these steps to disable hyper-threading on your Mac. Note, this method is only available for computers running macOS Mojave, High Sierra and Sierra.
How to disable hyper-threading on your Mac
1. Turn on and restart your Mac then immediately press the Command+R or another macOS Recovery key on your keyboard.
2. Choose Terminal from the Utilities menu from the menu bar.
3. Type the following command into the Terminal prompt: nvram boot-args="cwae=2"
4. Press return then type: nvram SMTDisable=%01
5. From the Apple menu, press Restart.