This post is also available in: Deutsch (German)
Patches for the Intel vulnerability ZombieLoad will lkill the performance. Apple says the patch can reduce Mac performance by up to 40 percent.
ZombieLoad patches are performance killers
The recently discovered Intel vulnerability called ZombieLoad can only be fixed with very drastic measures. Many processors of the Intel Core i and Xeon family are affected by the side channel attack. An exploit can record the data running on the same processor core in other programs. This works independently of the operating system. For example, virtual machines are also affected without restriction, as the company Cyberus Technology, one of the finders of the vulnerability, impressively demonstrates in a video. Especially models with hyperthreading are vulnerable because the exploit and the attacking process share a lot of resources.
This is particularly problematic for data center servers. Often many virtual instances from different owners run on the same hardware. Attackers can thus easily spy on the processes of the other virtual machines. In addition to ZombieLoad, there are also other security gaps called MDS by Intel, which are based on the same principle. The patches for these gaps are, however, also a performance problem. They often include the complete deactivation of hyperthreading.
Apple: Macs with patch up to 40 percent slower
Apple has now also confirmed how strongly the deactivation of hyperthreading can affect the performance of the hardware. In a support document, the iPhone and Mac manufacturer points out what to do to protect against side channel attacks such as ZombieLoad. Apple recommends disabling hyperthreading on Macs. This can be done with MacOS 10.14.5 and the latest security updates 2019-003 for macOS 10.13 High Sierra and macOS 10.12 Sierra via an option. The option is disabled by default, and for good reason. In addition to individual adjustments, hyperthreading is also omitted. The company admits that this does not come without performance losses. Depending on the workload, users can expect up to 40 percent less performance from their Macs.