After the announcement of new vulnerability which targets Intel CPU architecture, Apple released instructions explaining how users with computers ‘at heightened risk’ of attack to enable full mitigation mode.
Due to the fact that full mitigation is considered as high amount of security for the average user, it is not enabled by default and comes with huge performance penalties.
According to the tests made by Apple, there is up to a 40% drop in performance when full mitigation is activated. This is a result of the enabled MDS protection that includes fully disabling hyper-threading, and adds additional barriers when the processor switches contexts.
The full mitigation mode may be used mostly by certain users who are particularly at risk, like members of government or high-ranking business executives, for instance.
Apple users should also know that the vulnerability danger is only a theoretical concern and no attacks have affected Mac so far. Yet, the company advises users to download only trusted software from the App Store.
If you prefer to enable full mitigation, just follow the steps below:
- Restart your Mac and hold Command key and the R key to enter macOS Recovery mode.
- Open the Terminal from the Utilities menu.
- Enter the command ‘nvram boot-args=”cwae=2″‘ (without single quotes) and press Return.
- Enter the command ‘nvram SMTDisable=%01’ and press Return.
- Then restart the Mac.
For additional details on the process, check out the support documentation.
Keep in mind that the speculative execution exploits affect Intel CPU architecture only and pose no risk to Apple’s ARM chips in iPads and iPhones.