Unpatchable Vulnerability Found on Apple’s M1, M2 and M3 Chips

Researchers are calling it ‘GoFetch’, this flaw exposes the encryption keys on Apple’s M-series chips.
apple m series chips apple m series chips
Apple

Researchers have found an un-patchable vulnerability in the latest Apple Silicon M-series chips, including M1, M2, and M3. M-series chips are used in the latest Mac and MacBook devices.

‘GoFetch’ Vulnerability

Researchers are calling it ‘GoFetch‘, as it allows hackers to gain backdoor access to secret encryption keys on Macs and MacBooks.

The vulnerability lies with the components called ‘prefetchers’. The main job of Prefetchers is to retrieve data before it is requested, which results in increasing processing speed.

But, these prefetchers also create a door for malicious attacks. The researchers have called this vulnerability ‘GoFetch’. Researchers have described it as a microarchitectural side-channel attack used in extracting secret keys from the cryptographic implementations via memory-dependent prefetchers (DMPs).

The researchers informed Apple on December 5, 2023, but Apple didn’t give enough attention. After no positive replies from Apple, the researchers have made this information public.

Side-Channel Attack

A side-channel attack is a cyber attack that utilizes extra information that is left vulnerable due to the design of an algorithm or computer protocol. In this scenario, the DMPs that are installed in Apple Silicon chips can give access to sensitive information to hackers.

Solution?

This vulnerability cannot be patched with software because the real issue is with the microarchitectural design of these chips. Any changes to the design will degrade the performance of these chips.

If Apple tries to fix it in the M4 chipset, it will surely see poor performance, meaning, an M4 chip will run like an M2 chip with a fix.

Add a comment

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.