Posted 3/22/2024, 3:01:00 PM
New attack targets security of Apple's M1, M2, M3 chips by exploiting vulnerability in CPU hardware design
- New "GoFetch" attack impacts Apple M1, M2, M3 chips, steals crypto keys by exploiting CPU prefetching behavior
- Works by training data memory prefetcher (DMP) to leak bits of secret keys from cache during constant-time crypto ops
- Attack confirmed on M1, likely works on M2/M3 too; no fix as it exploits hardware vulnerability
- Mitigations possible but hurt performance; users urged to keep OS/software updated to avoid malware risk
- Attack requires code execution on target system; remote attack possible if system infected with malware