Full reduction against Mac Intel attack takes 40% hit

Following the announcement of new speculative execution exploits that target Intel CPU architecture, Apple has posted a new document on its website that explains how customers with computers that are ‘at heightened risk’ of attack can enable full mitigation. Full mitigation is not enabled by default as it is probably an excessive amount of security for the average user, and it comes with big performance penalties.


In its tests, Apple recorded up to a 40 percent drop in performance with full mitigation activated. This is because enabling MDS protection involves disabling hyper-threading entirely, and adds additional barriers when the processor switches contexts.

Most users do not need to worry about enabling full mitigation. macOS 10.14.5 includes the most important and most relevant patches, like preventing JavaScript exploits through Safari. Apple rolled these critical fixes for all customers as the performance penalty was small/negligible.

The full mitigation mode may be of interest to customers who are particularly at risk, like members of government or high-ranking business executives.

It’s also important to stress that the danger is currently just a theoretical concern and there are no known attacks out in the wild that affect Macs. Naturally, Apple recommends that users only download trusted software from the App Store.

With those qualifiers in mind, to enable full mitigation, follow these steps:

  1. Restart your Mac and hold Command key and the R key to enter macOS Recovery mode.
  2. Open the Terminal from the Utilities menu.
  3. Enter the command ‘nvram boot-args=”cwae=2″‘ (without single quotes) and press Return.
  4. Enter the command ‘nvram SMTDisable=%01’ and press Return.
  5. Then restart the Mac.

For more details on this process, check out the support documentation including instructions on how to verify if hyper-threading has been deactivated and steps to disable full mitigation if you no longer need it. These speculative execution exploits specifically affect Intel CPU architecture and pose no risk to Apple’s ARM chips in its iPhones and iPads.


Also Read on TechDomes

About the Author

Harry King

Harry King is the main author and also covers Apple and Android news for TechDomes. You can message Harry over email or Twitter.

Harry King’s favorite gear


This week’s TechCast

Categories: Technology

Tagged as: , , ,

2 replies »

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.