Apple Support: ‘How to Enable Full Mitigation for Microarchitectural Data Sampling (MDS) Vulnerabilities’

Apple Support:

Intel has disclosed vulnerabilities called Microarchitectural Data Sampling (MDS) that apply to desktop and notebook computers with Intel CPUs, including all modern Mac computers.

Although there are no known exploits affecting customers at the time of this writing, customers who believe their computer is at heightened risk of attack can use the Terminal app to enable an additional CPU instruction and disable hyper-threading processing technology, which provides full protection from these security issues.

This option is available for macOS Mojave, High Sierra and Sierra and may have a significant impact on the performance of your computer. […] Testing conducted by Apple in May 2019 showed as much as a 40 percent reduction in performance with tests that include multithreaded workloads and public benchmarks.

It’s good that there are no known exploits using these techniques, but even if there were, the overwhelming majority of Mac users — almost everyone — would not need to enable this mitigation. These MDS vulnerabilities enable malware on your computer to do bad things. But these vulnerabilities are not ways for malware to get onto your computer.

Once you have malware on your computer, the game is over. I’m not saying these MDS vulnerabilities aren’t a problem — they obviously are, because they make malware potentially more dangerous. But the game is keeping malware off your computers in the first place.

(Also worth noting: these particular vulnerabilities don’t affect iPhones, iPads, Apple Watches, or the vast majority of Android devices because ARM chips don’t have these vulnerabilities. Only Intel chips. We’re running out of reasons for Apple not to switch the entire Mac platform to ARM.)

(Bonus parenthetical: It’s possible that there are similar vulnerabilities in ARM chips too, but if there are, none have been publicly disclosed yet.)

Wednesday, 15 May 2019