Skip to main content

Apple posts instructions on how to enable full mitigation against Intel CPU attacks on Mac, up to 40 percent performance penalty

Following the announcement of new speculative execution exploits that target Intel CPU architecture, Apple has posted a new document on its website that explains how customers with computers that are ‘at heightened risk’ of attack can enable full mitigation. Full mitigation is not enabled by default as it is probably an excessive amount of security for the average user, and it comes with big performance penalties.

In its tests, Apple recorded up to a 40 percent drop in performance with full mitigation activated. This is because enabling MDS protection involves disabling hyper-threading entirely, and adds additional barriers when the processor switches contexts.

Most users do not need to worry about enabling full mitigation. macOS 10.14.5 includes the most important and most relevant patches, like preventing JavaScript exploits through Safari. Apple rolled these critical fixes for all customers as the performance penalty was small/negligible.

The full mitigation mode may be of interest to customers who are particularly at risk, like members of government or high-ranking business executives.

It’s also important to stress that the danger is currently just a theoretical concern and there are no known attacks out in the wild that affect Macs. Naturally, Apple recommends that users only download trusted software from the App Store.

With those qualifiers in mind, to enable full mitigation, follow these steps:

  1. Restart your Mac and hold Command key and the R key to enter macOS Recovery mode.
  2. Open the Terminal from the Utilities menu.
  3. Enter the command ‘nvram boot-args=”cwae=2″‘ (without single quotes) and press Return.
  4. Enter the command ‘nvram SMTDisable=%01’ and press Return.
  5. Then restart the Mac.

For more details on this process, check out the support documentation including instructions on how to verify if hyper-threading has been deactivated and steps to disable full mitigation if you no longer need it. These speculative execution exploits specifically affect Intel CPU architecture and pose no risk to Apple’s ARM chips in its iPhones and iPads.

FTC: We use income earning auto affiliate links. More.

You’re reading 9to5Mac — experts who break news about Apple and its surrounding ecosystem, day after day. Be sure to check out our homepage for all the latest news, and follow 9to5Mac on Twitter, Facebook, and LinkedIn to stay in the loop. Don’t know where to start? Check out our exclusive stories, reviews, how-tos, and subscribe to our YouTube channel

Check out 9to5Mac on YouTube for more Apple news:



Avatar for Benjamin Mayo Benjamin Mayo

Benjamin develops iOS apps professionally and covers Apple news and rumors for 9to5Mac. Listen to Benjamin, every week, on the Happy Hour podcast. Check out his personal blog. Message Benjamin over email or Twitter.