A new security vulnerability has been discovered in Apple's Mac and BahamasMacBook computers – and the worst part is that it's unpatchable.
Academic researchers discoveredthe vulnerability, first reported by Ars Technica, which allows hackers to gain access to secret encryption keys on Apple computers with Apple's new Silicon M-Series chipset. This includes the M1, M2, and M3 Apple MacBook and Mac computer models.
SEE ALSO: Bing vulnerability made it possible to alter search resultsBasically, this vulnerability can be found in any new Apple computer released from late 2020 to today.
The issue lies with prefetchers— components meant to predictively retrieve data before a request to increase processing speed — and the opening they leave for malicious attacks from bad actors.
The researchers have dubbed the attack "GoFetch," which they describe as "a microarchitectural side-channel attack that can extract secret keys from constant-time cryptographic implementations via data memory-dependent prefetchers (DMPs)."
A side-channel attack is a type of cyber attack that uses extra information that's left vulnerable due to the design of a computer protocol or algorithm.
The researchers explained the issue in an email to Ars Technica:
Prefetchers usually look at addresses of accessed data (ignoring values of accessed data) and try to guess future addresses that might be useful. The DMP is different in this sense as in addition to addresses it also uses the data values in order to make predictions (predict addresses to go to and prefetch). In particular, if a data value "looks like" a pointer, it will be treated as an "address" (where in fact it's actually not!) and the data from this "address" will be brought to the cache. The arrival of this address into the cache is visible, leaking over cache side channels.
Our attack exploits this fact. We cannot leak encryption keys directly, but what we can do is manipulate intermediate data inside the encryption algorithm to look like a pointer via a chosen input attack. The DMP then sees that the data value "looks like" an address, and brings the data from this "address" into the cache, which leaks the "address." We don’t care about the data value being prefetched, but the fact that the intermediate data looked like an address is visible via a cache channel and is sufficient to reveal the secret key over time.
Basically, the researchers discovered that the DMPs in Apple's Silicon chipsets – M1, M2 and, M3 – can give hackers access to sensitive information, like secret encryption keys. The DMPs can be weaponized to get around security found in cryptography apps, and they can do so quickly too. For example, the researchers were able to extract an 2048-bit RSA key in under one hour.
Usually, when a security flaw is discovered nowadays, a company can patch the issue with a software fix. However, the researchers say this one is unpatchable because the issue lies with the "microarchitectural" design of the chip. Furthermore, security measures taken to help mitigate the issue would require a serious degradation of the M-series chips' performance.
Researchers saythat they first brought their findings to Apple's attention on December 5, 2023. They waited 107 days before disclosing their research to the public.
Topics Apple Cybersecurity MacBook
We'll always, er, sorta, have the Paris Climate Agreement
Man buys woman a drink, texts her awkward request weeks later
Veteran tech journalist Walt Mossberg quits Facebook and Messenger
People are dragging Offset for his manipulative Cardi B stunt
The best early Prime Day outdoor deals: Yeti, Stanley, Jackery, and more
Trump campaign responds to Clinton's 'basket of deplorables' comment
Chopsticks are the ultimate tool for snacking at your computer
Tailgating bro makes 'send beer money' sign, fellow sports fans do the rest
Great white shark leaps into tiny boat, fisherman treats it like NBD
Heartbreaking photo prompts internet to donate over $176,000 to 89
Save 50% on a Blink video doorbell and camera bundle
New climate rules aim to keep nations committed to the Paris Agreement
17 weird but great stocking stuffers
Katy Perry says she'll collaborate with Taylor Swift on one condition
Collins vs. Jabeur 2025 livestream: Watch Adelaide International for free
400 students showed up to sing to their teacher battling cancer
Yael Stone accuses Geoffrey Rush of inappropriate behavior
People are dragging Offset for his manipulative Cardi B stunt
NYT Connections hints and answers for February 1: Tips to solve 'Connections' #601.
Here's why drinkers should hit the gym
Chimamanda Ngozi Adichie shuts down white man on racismPrepare to be underwhelmed by these British supermoon picsSeriously beautiful science cocktails will have you rethinking your alcohol choicesJulian Assange is so bored he's making his cat wear fancy tiesBodybuilding bro who filmed himself eating placenta did it for the gainsWhy did the penguin cross the road? 'Cos he had a brand new underpass.We can't tell if people are making fun of this antiLong queues, short patience outside banks and ATMs as India copes with demonetizationSorry Britain, you probably won't see the supermoon todaySorry Britain, you probably won't see the supermoon todayFamous writers unite for children's rights in 'Tiny Stories' campaignBodybuilding bro who filmed himself eating placenta did it for the gainsSeriously beautiful science cocktails will have you rethinking your alcohol choicesThis book is the perfect gift for every Apple fanboy and fangirlCheck out the trailer for 'SNL' star Michael Che's Netflix specialThe Apocalypse stories aren't fun anymore. We need hope, HollywoodChicago Fire episode 505 puts Casey and Severide at oddsWestworld gets Season 2 renewal, along with Insecure and DivorceWhite House, meet white nationalist: Steve Bannon gets top Trump jobWhat will it take for the esports scene to grow up? Woman destroys Donald Trump in merciless Twitter rant Yes, you should care about Italy's referendum Kid gets apology letter from thief after drunken reindeer display theft SNL mocks Donald Trump's retweet spree, Steve Bannon and Mitt Romney Meeting with Trump emboldens anti 25 fun gifts to spruce up any apocalypse bunker Mariah Carey Google Allo gets Hindi language support Barack Obama would at least do better in digital media than Rory Gilmore Facebook is testing an AI flagging system for offensive Live video FlipSid3 Tactics tears through losers bracket to win 'Rocket League' Championship Series Hire someone to make your wedding hashtag because #itshardtobeclever Here are the books longlisted for the 2017 PEN Literary Awards Loyal dog still waits for college student to get off her former bus every day 'Lemonade,' Lin Cristiano Ronaldo strikes peak Ronaldo locker room pose The end of the world: How NASA and FEMA will deal with a killer asteroid U.S. author tweets that London is 'all Islamic', gets immediately shut down MashReads Podcast: 'The Sun Is Also A Star' is a beautifully woven YA novel about love How to make sure your laptop isn't one of thousands left with the TSA this holiday season
2.1627s , 10138.8828125 kb
Copyright © 2025 Powered by 【Bahamas】,Unobstructed Information Network