How to Enable Full Mitigation for MDS Vulnerabilities on Mac

In what could send shock waves to millions of computer users (including Mac owners), security experts have found serious vulnerabilities in Intel chips dating way back to 2011. Termed as ZombieLoad, these vulnerabilities can allow hackers to capture sensitive information directly from the processor.

Worse, the malicious attack is said to work not only on personal computers but also in the cloud. As of now, there are (fortunately) no reports of any exploitation of ZombieLoad vulnerabilities.

“The ZombieLoad attack allows stealing sensitive data and keys while the computer accesses them. While programs normally only see their own data, a malicious program can exploit the fill buffers to get hold of secrets currently processed by other running programs. The attack does not only work on personal computers but can also be exploited in the cloud.”

How to Turn ON Full Mitigation for MDS Vulnerabilities on macOS

As always, Apple has quickly responded and already released a security update in macOS Mojave 10.14.5. More significantly, the tech giant has provided the security update for older versions of macOS as well like High Sierra, and Sierra.

Concerned about the safety of your personal information? You can enable full mitigation for Microarchitectural Data Sampling (MDS) vulnerabilities on your macOS device to safeguard your data against exploitation. Keep in mind; it will reduce up to 40 percent performance of your computer.

“The full mitigation, which includes disabling hyper-threading, prevents information leakage across threads and when transitioning between kernel and user space, which is associated with the MDS vulnerabilities for both local and remote (web) attacks. Testing conducted by Apple in May 2019 showed as much as a 40 percent reduction in performance with tests that include multithreaded workloads and public benchmarks,” Apple.

That being said; check out the security update on your Mac and install it right away. After that, follow along to turn on full mitigation for MDS on your Mac!

Step #1. First off, you need to restart (or turn on) your Mac and then quickly press and hold Command (⌘) + R to enter macOS Recovery.

Step #2. Now, click on the Utilities menu and select Terminal.

Step #3. Next, enter the below-given command in the Terminal prompt and hit return.

nvram boot-args="cwae=2"

Step #4. You have to enter one more command and hit return:

nvram SMTDisable=%01

Step #5. Next up, click on Apple menu and choose Restart.

That’s it! Now, rest assured that all of your data will be safe—at least from this attack.

Later, if you decide to turn off full mitigation on your Mac, you can get it done with ease. To do it, you will have to reset NVRAM. One thing worth noting is that you will require adding the boot-args to the NVRAM command if you had set custom boot-args.

How to Disable Full Mitigation on your Mac

Simply, shut down your Mac. Then, turn it ON and quickly press these keys: Option, Command (⌘), P, and R. Keep holding the keys until 20 seconds.

  • If your Mac plays a startup sound, release the keys after the second startup sound.
  • If your Mac comes with Apple T2 Security Chip, you need to release the keys when Apple logo appears and disappears the second time.

How to Find Out the Status of Hyper-Threading On Mac

You can easily check the status of hyper-threading in macOS. To get it done, click on the () Apple menu icon and choose About This Mac. Then, click on System Report. You should see the hyper-threading technology enabled/disabled if your device processor has the support for it.

There you go!

Wrapping Up…

It just goes on to show that there is nothing like ultimate security in the world. Last year, we had seen Meltdown and Spectre vulnerabilities and hoped that such dangers would no longer appear on the horizon.

However, the arrival of ZombieLoad has yet again proved that we must never take our eyes away from the sensitive information and always provide an additional layer of safeguard to our data.

Catch up with these posts as well:

What’s your take on ZombieLoad? Share your feedback and stay tuned in with us via Facebook, Twitter, and Instagram as well as download our iOS app to quickly access our latest guides.