Posted 3/22/2024, 12:19:52 PM
Unpatchable Chip Flaw in New Macs Allows Encryption Key Theft
- New research reveals unpatchable vulnerability ("GoFetch") in Apple M1/M2 chips that allows attackers to extract encryption keys from Macs
- Attack exploits flaw in Data Memory-Dependent Prefetchers (DMPs) in Apple silicon CPUs which can leak sensitive data despite constant-time programming defenses
- Enables attacks on popular cryptographic algorithms from OpenSSL, RSA, etc. within an hour in some cases
- Flaw cannot be patched directly - requires building mitigations into encryption software which can significantly degrade performance
- Concerned users advised to watch for mitigation updates in future macOS releases for vulnerable encryption protocols