A new security vulnerability has been discovered in Apple's Mac and MacBook computers – and the worst part is that it's unpatchable.
Academic researchers discovered the vulnerability, first reported by Ars Technica, which allows hackers to gain access to secret encryption keys on Apple computers with Apple's new Silicon M-Series chipset. This includes the M1, M2, and M3 Apple MacBook and Mac computer models.
Basically, this vulnerability can be found in any new Apple computer released from late 2020 to today.
The issue lies with prefetchers — components meant to predictively retrieve data before a request to increase processing speed — and the opening they leave for malicious attacks from bad actors.
The researchers have dubbed the attack "GoFetch," which they describe as "a microarchitectural side-channel attack that can extract secret keys from constant-time cryptographic implementations via data memory-dependent prefetchers (DMPs)."
A side-channel attack is a type of cyber attack that uses extra information that's left vulnerable due to the design of a computer protocol or algorithm.
The researchers explained the issue in an email to Ars Technica:
Prefetchers usually look at addresses of accessed data (ignoring values of accessed data) and try to guess future addresses that might be useful. The DMP is different in this sense as in addition to addresses it also uses the data values in order to make predictions (predict addresses to go to and prefetch). In particular, if a data value "looks like" a pointer, it will be treated as an "address" (where in fact it's actually not!) and the data from this "address" will be brought to the cache. The arrival of this address into the cache is visible, leaking over cache side channels.
Our attack exploits this fact. We cannot leak encryption keys directly, but what we can do is manipulate intermediate data inside the encryption algorithm to look like a pointer via a chosen input attack. The DMP then sees that the data value "looks like" an address, and brings the data from this "address" into the cache, which leaks the "address." We don’t care about the data value being prefetched, but the fact that the intermediate data looked like an address is visible via a cache channel and is sufficient to reveal the secret key over time.
Basically, the researchers discovered that the DMPs in Apple's Silicon chipsets – M1, M2, and M3 – can give hackers access to sensitive information, like secret encryption keys. The DMPs can be weaponized to get around security found in cryptography apps, and they can do so quickly too. For example, the researchers were able to extract a 2048-bit RSA key in under one hour.
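The difference between a classical prefetcher and a DMP that the researchers describe, as a toy simulation added here (it is not the researchers' code and does not model Apple's actual hardware). The cache-line size, the address range and the two sample values are constructed assumptions; the point is that code with a fixed access pattern still leaves a secret-dependent cache footprint once data values are treated as addresses.

```python
LINE = 64                                # cache-line size assumed for this model
MAPPED = range(0x10000000, 0x10008000)   # constructed "valid address" range
BUF = 0x10000000                         # where the routine stores its intermediate value
PTR_LIKE = 0x10004000                    # constructed value that falls inside MAPPED
NOT_PTR = 0x0000002A                     # constructed value that does not
U64 = 0xFFFFFFFFFFFFFFFF


def constant_time_select(bit, a, b):
    """Branchless select: same operations and same addresses for bit 0 or 1."""
    mask = -bit & U64
    return (a & mask) | (b & ~mask & U64)


def cache_footprint(secret_bit, dmp_enabled):
    """Run one step of the routine; return the set of cache lines left filled."""
    memory = {BUF: constant_time_select(secret_bit, PTR_LIKE, NOT_PTR)}
    cache = set()
    for addr in (BUF,):                  # fixed access pattern, independent of the secret
        cache.add(addr // LINE)          # demand load
        cache.add(addr // LINE + 1)      # classical prefetcher: looks at the address only
        value = memory[addr]
        if dmp_enabled and value in MAPPED:
            cache.add(value // LINE)     # DMP: the value "looks like" a pointer, so fetch it
    return cache


def leaks(dmp_enabled):
    """True if the cache footprint differs between secret_bit 0 and 1."""
    return cache_footprint(0, dmp_enabled) != cache_footprint(1, dmp_enabled)


if __name__ == "__main__":
    print("address-only prefetcher leaks:", leaks(False))
    print("data memory-dependent prefetcher leaks:", leaks(True))
```
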
Usually, when a security flaw is discovered nowadays, a company can patch the issue with a software fix. However, the researchers say this one is unpatchable because the issue lies with the "microarchitectural" design of the chip. Furthermore, security measures taken to help mitigate the issue would require a serious degradation of the M-series chips' performance.
Researchers say that they first brought their findings to Apple's attention on December 5, 2023. They waited 107 days before disclosing their research to the public.