Apple computers with a serious vulnerability. It can't be patched
Apple Silicon processors have a serious security flaw. This applies to all new Mac computers.
Processors AppleSilicon used in the latest Mac computers impress with their efficiency and work culture, but it turns out that they are a bit lacking in terms of security. Cybersecurity researchers have identified a serious vulnerability that allows criminals to takeover of built-in cryptographic keysand with them to read encrypted data stored on the device.
GoFetch – a dangerous vulnerability in Mac computers with Apple Silicon
The new vulnerability has been given a name GoFetch and is based on a function of processors known as “data memory-dependent prefetcher” (DMP). To put it very simply, it allows you to increase the performance of the system by analyzing the contents of memory and “guessing” based on which address data will be downloaded to the processor cache next.
Unfortunately, this mechanism can be cheated. As researchers found, by entering data that “resembles” references to a specific memory sector, it is possible to obtain the full cryptographic key of a given processor. This makes it possible breaking most modern cryptographic security measures and obtaining, for example, a local cryptocurrency wallet or password vault.
The described condition applies to all processors from the Apple Silicon family, i.e. systems Apple M1, M2 and M3. Since we are talking about a typical hardware function here, its complete elimination may prove impossible, software patches, in turn, certainly will have a negative impact on the performance of the affected computers.
How to protect yourself?
Nevertheless, experts recommend users installation of the latest updates of both the operating system and the applications used and, as far as possible, avoiding programs from outside the App Store. This does not guarantee complete security, but it definitely minimizes the risk of falling victim to criminals.
Who else is at risk?
By the way, it is worth noting that Apple Silicon chips are not the only processors that use DMP. A similar mechanism also occurs in I processorsntel Core 13th generation (Raptor Lake), but these turned out to be resistant to the attack described. However, as researchers emphasize, this does not mean that the Blues' systems are completely safe, but rather that the entire situation requires further research. It is possible that we will soon hear about a new variation of the GoFetch vulnerability, which will threaten a much wider group of users.
Incidentally, the whole situation is strongly reminiscent of the incident from 2018, when cybersecurity researchers reported discovering vulnerabilities Spectre and Meltdown in Intel processors. Not only that, we were also dealing with a serious vulnerability at the hardware level de facto could not be patched without redesigning the systems, the first message described opened a veritable Pandora's box. After locating the problematic element, a short time later we were inundated with a wave of reports about subsequent Specter variations, which affected not only users of Intel processors, but also, among others, AMD and Qualcomm. Let's keep our fingers crossed that the whole cycle won't repeat itself this time.