The Intel ZombieLoad security hole patch is a presentation. Apple says the Mac patch to 40% reduces performance.
ZombieLoad patches are performance contractors
Intel's recently announced vulnerability with the name ZombieLoad can only be corrected with very drastic measures. Affected by the side channel attack many processors of the Intel Core i and Xeon family. In this case, exploit can record data that is executed on the same processor core in other programs. It works independently of the operating system. For example, virtual machines are also infinitely affected, as Cyberus Technology, one of the discoverers of the abyss, impressively demonstrates in the video. Hyper-threading models are particularly vulnerable, as the exploitation and process that is accessed share a particularly large number of resources.
This is particularly problematic for data center servers. Often there are many virtual copies of different owners working on the same hardware. Attackers can easily tap the processes of other virtual machines. In addition to ZombieLoad, there are other vulnerabilities mentioned by Intel MDS, which are based on the same principle. However, the patches for these holes are also a productivity problem. So they often suggest that hypertension is completely banned.
Apple: Mac with patch up to 40% slower
How powerful it can affect the exclusion of Hyperthreading on hardware performance, Apple now confirms. The iPhone maker notes in a support document what to do to prevent attacks from side channels such as ZombieLoad. So Apple recommends turning off Mac hypertext. This can be enabled via the MacOS 10.14.5 option and the latest security updates 2019-003 for macOS 10.13 High Sierra and macOS 10.12 Sierra. The option is deactivated by default and for good reason. In addition to individual adjustments, it simply weakens the hypertension. The company recognizes that this is not without loss of productivity. Users have to expect up to 40% less performance on their Mac computers, depending on the workload.