diff --git a/CMakeLists.txt b/CMakeLists.txt
index 2da7974b..e16830aa 100644
--- a/CMakeLists.txt
+++ b/CMakeLists.txt
@@ -5,11 +5,12 @@ set(CMAKE_C_STANDARD 11)
 set(CMAKE_CXX_STANDARD 17)
 
 option(MI_OVERRIDE          "Override the standard malloc interface" ON)
-option(MI_INTERPOSE         "Use interpose to override standard malloc on macOS" ON)
 option(MI_DEBUG_FULL        "Use full internal heap invariant checking in DEBUG mode" OFF)
 option(MI_SECURE            "Use full security mitigations (like guard pages, allocation randomization, double-free mitigation, and free-list corruption detection)" OFF)
 option(MI_USE_CXX           "Use the C++ compiler to compile the library" OFF)
 option(MI_SEE_ASM           "Generate assembly files" OFF)
+option(MI_INTERPOSE         "Use interpose to override standard malloc on macOS" ON)
+option(MI_OSX_ZONE          "Use malloc zone to override standard malloc on macOS" OFF) # enables interpose as well
 option(MI_LOCAL_DYNAMIC_TLS "Use slightly slower, dlopen-compatible TLS mechanism (Unix)" OFF)
 option(MI_BUILD_TESTS       "Build test executables" ON)
 option(MI_CHECK_FULL        "Use full internal invariant checking in DEBUG mode (deprecated, use MI_DEBUG_FULL instead)" OFF)
@@ -61,14 +62,19 @@ endif()
 if(MI_OVERRIDE MATCHES "ON")
   message(STATUS "Override standard malloc (MI_OVERRIDE=ON)")
   if(APPLE)
+    if(MI_OSX_ZONE MATCHES "ON")
+      # use zone's on macOS
+      message(STATUS "  Use malloc zone to override malloc (MI_OSX_ZONE=ON)")
+      list(APPEND mi_sources src/alloc-override-osx.c)
+      if(NOT MI_INTERPOSE MATCHES "ON")
+        message(STATUS "  (enabling INTERPOSE as well since zone's require this)")
+        set(MI_INTERPOSE "ON")
+      endif()
+    endif()
     if(MI_INTERPOSE MATCHES "ON")
       # use interpose on macOS
       message(STATUS "  Use interpose to override malloc (MI_INTERPOSE=ON)")
       list(APPEND mi_defines MI_INTERPOSE)
-    else()
-      # use zone's on macOS
-      message(STATUS "  Use zone's to override malloc (MI_INTERPOSE=OFF)")
-      list(APPEND mi_sources src/alloc-override-osx.c)
     endif()
   endif()
 endif()
diff --git a/src/alloc-override-osx.c b/src/alloc-override-osx.c
index 99c6a134..92d5ce2b 100644
--- a/src/alloc-override-osx.c
+++ b/src/alloc-override-osx.c
@@ -14,7 +14,6 @@ terms of the MIT license. A copy of the license can be found in the file
 #error "this file should only be included on macOS"
 #endif
 
-#warning "malloc zones do not seem to work for now; use MI_INTERPOSE instead"
 /* ------------------------------------------------------
    Override system malloc on macOS
    This is done through the malloc zone interface.
@@ -182,8 +181,10 @@ static malloc_zone_t* mi_get_default_zone()
   }
 }
 
+#if 0
 // directly overwrite the default zone as per:
 // <https://lists.apple.com/archives/darwin-dev/2005/Apr/msg00050.html>
+#include <mach/mach.h>
 
 static void __attribute__((constructor)) _mi_macos_override_malloc_direct()
 {
@@ -199,13 +200,18 @@ static void __attribute__((constructor)) _mi_macos_override_malloc_direct()
   intro.force_unlock = &intro_force_unlock;
 
   static malloc_zone_t oldzone;
-  static malloc_zone_t* zone = malloc_default_zone(); // get the `malloc` backing default zone
+  static malloc_zone_t* zone;
+  zone = mi_get_default_zone(); // get the `malloc` backing default zone
   if (zone == NULL) return;
 
   // save the default zone in oldzone
   memset(&oldzone, 0, sizeof(oldzone));
   if (zone->version >= 9) memcpy(&oldzone, zone, sizeof(oldzone));
 
+  if (zone->version >= 8) {
+    vm_protect(mach_task_self(), (uintptr_t)zone, sizeof(*zone), 0,
+               VM_PROT_READ|VM_PROT_WRITE);
+  }
   // overwrite default zone functions in-place
   zone->zone_name = "mimalloc";
   zone->size = &zone_size;
@@ -237,6 +243,11 @@ static void __attribute__((constructor)) _mi_macos_override_malloc_direct()
   }
   */
 #endif
+  if (zone->version >= 8) {
+    vm_protect(mach_task_self(), (uintptr_t)zone, sizeof(*zone), 0,
+               VM_PROT_READ);
+  }
+
   /*
   // Unregister, and re-register the purgeable_zone to avoid bugs if it occurs
   // earlier than the default zone.
@@ -247,7 +258,8 @@ static void __attribute__((constructor)) _mi_macos_override_malloc_direct()
   */
 }
 
-/*
+#else
+
 static void __attribute__((constructor)) _mi_macos_override_malloc()
 {
   static malloc_introspection_t intro;
@@ -314,6 +326,6 @@ static void __attribute__((constructor)) _mi_macos_override_malloc()
   }
 
 }
-*/
+#endif
 
 #endif // MI_MALLOC_OVERRIDE
diff --git a/src/alloc-override.c b/src/alloc-override.c
index 151c2333..c0e7bc2b 100644
--- a/src/alloc-override.c
+++ b/src/alloc-override.c
@@ -13,7 +13,7 @@ terms of the MIT license. A copy of the license can be found in the file
 #error "It is only possible to override "malloc" on Windows when building as a DLL (and linking the C runtime as a DLL)"
 #endif
 
-#if defined(MI_MALLOC_OVERRIDE) && !(defined(_WIN32) || (defined(__MACH__) && !defined(MI_INTERPOSE)))
+#if defined(MI_MALLOC_OVERRIDE) && !(defined(_WIN32)) // || (defined(__MACH__) && !defined(MI_INTERPOSE)))
 
 // ------------------------------------------------------
 // Override system malloc