14 DAY TRIAL // Apple was quick to publish today a new support page to teach Mac users on macOS Mojave, High Sierra, and Sierra how to fully mitigate the newly disclosed Intel Microarchitectural Data Sampling (MDS) vulnerabilities.
Four new speculative execution vulnerabilities were discovered by several security researchers in Intel's microprocessor, which could allow local attackers to expose sensitive information when transitioning between kernel and user space. As these hardware flaws affect numerous Intel CPUs, you can imagine that all modern Mac computers are affected as well.
Apple has already released the security updates in the latest macOS Mojave 10.14.5 operating system to protect users against these vulnerabilities, but to fully mitigate your Mac computer, you'll need to also disable hyper-threading processing technology and enable an additional CPU instruction, which, unfortunately, leads to 40 percent performance loss.
"Testing conducted by Apple in May 2019 showed as much as a 40 percent reduction in performance with tests that include multithreaded workloads and public benchmarks," reads Apple's support page. "Performance tests are conducted using specific Mac computers. Actual results will vary based on model, configuration, usage, and other factors."
Here's how to fully mitigate MDS vulnerabilities on your Mac
If you think your Mac may be at risk of attacks using these new speculative execution vulnerabilities, you will have to first update your Mac to the latest software release available for macOS, such as macOS Mojave 10.14.5, Security Update 2019-003 for macOS High Sierra 10.13, and Security Update 2019-003 for macOS Sierra 10.12.
Once these software updates were successfully installed, you'll have to disable the hyper-threading processing technology and enable an additional CPU instruction. To do that, enter macOS Recovery by pressing and holding the Command (⌘)-R keys immediately after rebooting your Mac, and then run the following two commands in the Terminal app located in the Utilities menu.
nvram boot-args="cwae=2"
nvram SMTDisable=%01
After executing the above commands, restart your Mac by using the Restart option from the Apple menu. If you want to revert these changes, simply reset NVRAM by pressing and holding the Option, Command, P, and R keys for about 20 seconds immediately after rebooting your Mac. Please note that these instructions won't work for Boot Camp users.