Following the announcement of new speculative execution exploits that target Intel CPU architecture, Apple has posted a new document on its website that explains how customers with computers that are ‘at heightened risk’ of attack can enable full mitigation. Full mitigation is not enabled by default as it is probably an excessive amount of security for the average user, and it comes with big performance penalties.
In its tests, Apple recorded up to a 40 percent drop in performance with full mitigation activated. This is because enabling MDS protection involves disabling hyper-threading entirely, and adds additional barriers when the processor switches contexts.
more…