Categories: GENERAL

Vulnerability found in Apple’s Silicon M-series chips – and it can’t be patched

A new security vulnerability özgü been discovered in Apple‘s Mac and MacBook computers – and the worst part is that it’s unpatchable.

Academic researchers discovered the vulnerability, first reported by Ars Technica, which allows hackers to gain access to secret encryption keys on Apple computers with Apple’s new Silicon M-Series chipset. This includes the M1, M2, and M3 Apple MacBook and Mac computer models.  

Basically, this vulnerability can be found in any new Apple computer released from late 2020 to today.

What is the vulnerability?

The issue lies with prefetchers — components meant to predictively retrieve data before a request to increase processing speed — and the opening they leave for malicious attacks from bad actors.

The researchers have dubbed the attack “GoFetch,” which they describe as “a microarchitectural side-channel attack that can extract secret keys from constant-time cryptographic implementations via data memory-dependent prefetchers (DMPs).” 

A side-channel attack is a type of cyber attack that uses extra information that’s left vulnerable due to the design of a computer protocol or algorithm.

The researchers explained the issue in an email to Ars Technica:

Prefetchers usually look at addresses of accessed data (ignoring values of accessed data) and try to guess future addresses that might be useful. The DMP is different in this sense as in addition to addresses it also uses the data values in order to make predictions (predict addresses to go to and prefetch). In particular, if a data value “looks like” a pointer, it will be treated as an “address” (where in fact it’s actually not!) and the data from this “address” will be brought to the cache. The arrival of this address into the cache is visible, leaking over cache side channels. 

Our attack exploits this fact. We cannot leak encryption keys directly, but what we can do is manipulate intermediate data inside the encryption algorithm to look like a pointer via a chosen input attack. The DMP then sees that the data value “looks like” an address, and brings the data from this “address” into the cache, which leaks the “address.” We don’t care about the data value being prefetched, but the fact that the intermediate data looked like an address is visible via a cache channel and is sufficient to reveal the secret key over time.

Basically, the researchers discovered that the DMPs in Apple’s Silicon chipsets – M1, M2 and, M3 – can give hackers access to sensitive information, like secret encryption keys. The DMPs can be weaponized to get around security found in cryptography apps, and they can do so quickly too. For example, the researchers were able to extract an 2048-bit RSA key in under one hour.

Usually, when a security flaw is discovered nowadays, a company can patch the issue with a software fix. However, the researchers say this one is unpatchable because the issue lies with the “microarchitectural” design of the chip. Furthermore, security measures taken to help mitigate the issue would require a serious degradation of the M-series chips’ performance.

Researchers say that they first brought their findings to Apple’s attention on December 5, 2023. They waited 107 days before disclosing their research to the public. 

admin

Recent Posts

Muşamba Nedir, Ne Anlama Gelir? İle İlgili Yararlı Bilgiler

Muşamba Nedir, Ne Anlama Gelir? 03 Ekim 2024 Perşembe 22:40 ABONE OL Muşamba, su geçirmezlik…

2 ay ago

Yıl İle İlgili Yararlı Bilgiler

Yıl 30 Ekim 2008 Perşembe 20:43 ABONE OL Yıl Nedir?Dünyanın, güneş çevresinde tam bir dolanım…

2 ay ago

Gebelik Izlemi tedavi yöntemleri, nedenleri, tanısı

Gebelik Izlemi GEBELİK İZLEMİ Gebelik izlemi, gebeliğin planlanmasıyla başlayan, sağlıklı sürdürülmesini ve sorunsuz bir doğumu…

3 ay ago

Menopoz tedavi yöntemleri, nedenleri, tanısı

Menopoz MENOPOZ Menopoz, ovaryan aktivitenin (üreme ve östrojen yapımı) yitimi ertesinde, menstrüasyonun kalıcı olarak kesildiği…

3 ay ago

Birçok Kadın Endometriyal Kanserin Önemli Uyarı İşaretini Bilmiyor

Yeni bir araştırmaya göre, çok sayıda kadın, kadın üreme organlarının en yaygın kanseri olan endometriyal…

3 ay ago

Çok mu Oturuyorsunuz? Egzersiz Sağlığınıza Verdiğiniz Zararları Telafi Edebilir

Her gün sekiz saat veya daha fazla oturan kişilerin, her hafta 140 dakikadan az orta/yoğun…

3 ay ago