Following the announcement of new speculative execution exploits that target Intel CPU architecture, Apple has posted a new document on its website that explains how customers with computers that are ‘at heightened risk’ of attack can enable full mitigation. Full mitigation is not enabled by default as it is probably an excessive amount of security for the average user, and it comes with big performance penalties.
In its tests, Apple recorded up to a 40 percent drop in performance with full mitigation activated. This is because enabling MDS protection involves disabling hyper-threading entirely and adds extra barriers when the processor switches contexts.
Most users do not need to worry about enabling full mitigation. macOS 10.14.5 includes the most important and most relevant patches, like preventing JavaScript exploits through Safari. Apple rolled out these critical fixes to all customers because the performance penalty was small or negligible.
Read more at 9to5Mac.com
