Last year, Apple released security updates for Safari to fix Spectre speculative execution vulnerabilities affecting devices with ARM-based and Intel CPUs. Apple at that time mentioned that the mitigations had no measurable impact on performance of Apple devices. Apple has now released new security updates in macOS Mojave 10.14.5 to fix the new speculative execution vulnerabilities in Intel CPUs. Even these new fixes for Safari will have no measurable impact on performance. But Apple has mentioned that users with Mac laptops and desktops at heightened risk need to enable full mitigation to prevent harmful apps from exploiting these vulnerabilities.
Full mitigation requires using the Terminal app to enable an additional CPU instruction and disable hyper-threading processing technology. But doing this may reduce performance by up to 40 percent. Highly multithreaded apps will be severely affected if you perform this mitigation.
The full mitigation, which includes disabling hyper-threading, prevents information leakage across threads and when transitioning between kernel and user space, which is associated with the MDS vulnerabilities for both local and remote (web) attacks.
To enable full mitigation of MDS after installing security updates, start your Mac in macOS Recovery and then enter commands in the Terminal app.
- Turn on or restart your Mac and immediately press and hold Command (?)-R or one of the other macOS Recovery key combinations on your keyboard.
- From the Utilities menu in the menu bar, choose Terminal.
- Type the following two commands, one at a time, at the Terminal prompt. Press Return after each one.
- From the Apple menu , choose Restart.