Germany

Exchange

Tax

Cars

Critical security flaw unveiled in Apple’s latest Mac


macbook m3 max

WEB DESK: A significant security vulnerability has emerged affecting Apple’s Mac and MacBook computers, with the concerning aspect being its inability to be patched.

The vulnerability was unearthed by academic researchers, as initially reported by Ars Technica. It enables hackers to access confidential encryption keys on Apple computers utilising the latest Silicon M-Series chipset, encompassing models such as M1, M2, and M3, released from late 2020 onwards.

The crux of the matter revolves around prefetchers – components designed to proactively retrieve data before it’s requested to enhance processing speed – and the potential they create for nefarious exploitation by malicious entities.

Termed “GoFetch” by the researchers, the attack is described as “a microarchitectural side-channel attack that can extract secret keys from constant-time cryptographic implementations via data memory-dependent prefetchers (DMPs).”

Side-channel attacks leverage vulnerable additional information due to the inherent design of a computer protocol or algorithm.

Essentially, the researchers found that DMPs within Apple’s Silicon chipsets – namely M1, M2, and M3 – can grant unauthorised access to sensitive data, such as secret encryption keys.

These DMPs can be weaponised to circumvent security measures embedded in cryptography applications, with swift efficiency. For instance, the researchers demonstrated the extraction of a 2048-bit RSA key in less than an hour.

Typically, when a security flaw surfaces, companies can address it through software updates. However, this particular vulnerability is deemed unpatchable due to its entrenchment within the chip’s “microarchitectural” design.

Moreover, any security measures implemented to alleviate the issue would necessitate a significant performance degradation of the M-series chips.

The researchers notified Apple of their findings on December 5, 2023. Subsequently, they waited 107 days before disclosing their research to the public.

You May Also Like