San Francisco, CA – University researchers have uncovered a significant security flaw in Apple Silicon Macs. This flaw, found in M1, M2, and M3 chips, allows attackers to bypass encryption and access cryptographic keys. The flaw is inherent in the chip architecture, making it impossible for Apple to provide a patch for current devices.
The vulnerability lies in a process known as Data Memory-dependent Prefetchers (DMP), a feature present in advanced chips like the M-series. This process optimizes memory address predictions for running code, reducing latency between main memory and the CPU. However, a bug in the DMP allows malicious apps to exploit it and decrypt keys over time.
A collaborative effort by seven researchers from various universities resulted in the development of an app called GoFetch, capable of successfully exploiting the vulnerability. By manipulating data in the chip to resemble a memory address, attackers can deceive the DMP and extract sensitive information.
While a workaround is possible to mitigate the issue, such measures would severely impact performance. Implementing defenses like ciphertext blinding can significantly increase computing resources, affecting operations like Diffie-Hellman key exchanges. Running cryptographic processes on alternate cores is also proposed but comes with its own set of drawbacks, potentially increasing operation times.
Despite the severity of the security flaw, real-world risks remain minimal. To exploit the vulnerability, an attacker would need to persuade a user to install a malicious app, a task made difficult by Apple’s default block on unsigned Mac apps. Additionally, the time required to execute an attack is substantial, ranging from 54 minutes to 10 hours in testing scenarios.
Apple has yet to implement protection against the DMP exploit discovered in 2022, as the performance impact does not justify the low likelihood of a real-world attack. The company has been made aware of the researchers’ findings but has not issued any public statements regarding a resolution. Long-term solutions will likely involve addressing the vulnerability in future chip designs to prevent similar exploits.
In conclusion, the security flaw in Apple Silicon Macs poses a potential risk to user data, but current safeguards and minimal real-world exploitability offer some reassurance. As researchers and Apple continue to address the issue, future chip designs are expected to incorporate improved security measures to mitigate such vulnerabilities.