Apple has joined Google in advising customers to disable Intel CPUs' Hyper-Threading feature. This drastic measure is supposed to defend against Microarchitectural Data Sampling (MDS) issues that Intel disclosed on Monday. Apple warned, however, that defending against those vulnerabilities by disabling Hyper-Threading "may have a significant impact on the performance" of the system in question.
The MDS security vulnerabilities are present in nearly every modern Intel processor. Intel released updates to help protect affected systems, but those updates might not be enough to protect them, which is why Apple and Google have told customers to disable Hyper-Threading. Intel told us on Tuesday that most people won't have to disable Hyper-Threading; it depends on each individual's security requirements.
So just how significant of a performance impact can Apple customers expect if they disable Hyper-Threading?
"Testing conducted by Apple in May 2019 showed as much as a 40 percent reduction in performance with tests that include multithreaded workloads and public benchmarks," the company said. That's based on the company's test systems, though, and the actual impact will vary between devices.
Nobody wants their MacBook to be half as fast as it was before these mitigations were revealed. Because there isn't a known exploit involving the MDS flaws, these performance drops could be enough to convince many people not to defend their systems. It's pretty much like Intel said yesterday: everyone will have to decide for themselves if the improved security outweighs the dramatic performance impact.
How to Disable Hyper-Threading In MacOS
For those who want to lock down their Macs, here are the steps to follow, as outlined by Apple:
Turn on or restart your Mac and immediately press and hold Command (⌘)-R or one of the other macOS Recovery key combinations on your keyboard.From the Utilities menu in the menu bar, choose Terminal.Type the following two commands, one at a time, at the Terminal prompt. Press Return after each one:nvram boot-args="cwae=2"nvram SMTDisable=%01From the Apple menu , choose Restart.
More information--including ways to re-enable Hyper-Threading and to check whether a system is currently using Hyper-Threading--is available via Apple's support page.
Intel also shared more information about the MDS flaws, their mitigations and the performance impact of those mitigations on its website. We suspect more companies will respond to the flaws and how best to respond to them before too long.