macOS Mojave 10.14.5 fixes this issue for Safari with no measurable performance impact.1 This update prevents exploitation of these vulnerabilities via JavaScript or as a result of navigating to a malicious website in Safari.

Customers can also protect their Mac by updating security settings in macOS to download apps only from the App Store. This setting helps prevent the installation of apps that could potentially exploit these vulnerabilities. All apps from the App Store are signed by Apple to ensure that they haven’t been tampered with or altered. Learn how to view and change app security settings on your Mac.

Although there are no known exploits affecting customers at the time of this writing, customers with computers at heightened risk or who run untrusted software on their Mac can optionally enable full mitigation to prevent harmful apps from exploiting these vulnerabilities. Full mitigation requires using the Terminal app to enable an additional CPU instruction and disable hyper-threading processing technology. This capability is available for macOS Mojave, High Sierra, and Sierra in the latest security updates and may reduce performance by up to 40 percent2, with the most impact on intensive computing tasks that are highly multithreaded. Learn how to enable full mitigation.