Tuesday, 29 April 2025
27.5 C
Singapore
28.3 C
Thailand
19.9 C
Indonesia
28.3 C
Philippines

Apple silicon vulnerability exposes encryption keys

Discover the recent vulnerability in Apple's M-series chips that allows encryption keys to leak and learn how to protect your device.

International researchers have unearthed a significant vulnerability in Apple’s M-series chips, which can leak encryption keys. This flaw, embedded within the chip’s microarchitectural design, cannot be patched traditionally. Instead, software-based mitigation strategies are necessary, potentially hampering performance. The technical nature of this discovery is best understood by delving into the detailed report by Ars Technica, but a simplified explanation is provided here for clarity.

Understanding the GoFetch attack

The crux of the issue lies in Apple Silicon’s data memory-dependent prefetcher (DMP). This component predicts which memory addresses will likely be needed by running code, enhancing efficiency. However, this predictive mechanism can be manipulated to unveil sensitive data, including encryption keys, through an attack dubbed GoFetch. The researchers’ groundbreaking insight revealed that while the DMP typically only dereferences pointers, attackers can craft inputs that, combined with cryptographic secrets, result in an intermediate state mimicking a pointer under specific conditions. This vulnerability enables the extraction of partial or complete information about the cryptographic secret, undermining the security of constant-time swap primitives and various cryptographic implementations designed to resist chosen-input attacks.

Historical context and mitigation

Interestingly, this is not the first instance of a DMP-related flaw in Apple Silicon; a similar vulnerability, the Augury flaw, was identified in 2022. Although the recent discovery may raise concerns, the practical risk is considered low. Gaining system access and the time required for an attack are significant barriers. Extracting a 2048-bit RSA key took the researchers just under an hour, whereas obtaining a 2048-bit Diffie-Hellman key took over two hours, and a Dilithium-2 key took more than ten hours.

Protecting your devices

Adhering to basic security practices is advisable for users seeking to safeguard their devices against such vulnerabilities. Keeping macOS Gatekeeper enabled and avoiding the installation of apps from unknown sources are essential steps in maintaining security.

In summary, while discovering this flaw in Apple’s M-series chips highlights potential security concerns, the immediate risk to users remains low, thanks to the demanding requirements for executing such an attack. Nonetheless, awareness and adherence to recommended security measures are crucial for protection.

Hot this week

Tenable uncovers critical privilege escalation flaw in Google Cloud Composer

Tenable exposes a GCP vulnerability in Cloud Composer that allows privilege escalation through interdependent cloud services.

DeepMind team in London seeks to unionise over AI concerns

DeepMind employees in London seek to unionise with the Communication Workers Union over concerns about Google’s AI policies and military contracts.

XPENG unveils AI-powered innovations and supercharged EVs at Auto Shanghai 2025

XPENG launches AI brain, 10-minute charging EV, and IRON humanoid robot at Auto Shanghai 2025, setting new mobility benchmarks.

Anthropic aims to uncover how AI models think by 2027

Anthropic CEO Dario Amodei aims to understand how AI models work by 2027 and urges industry-wide action for safety and transparency.

Bethesda releases The Elder Scrolls IV: Oblivion Remastered – and you can play it now

Bethesda released Oblivion Remastered, which features full visual upgrades and quality-of-life improvements and is now available across major platforms.

Razer Launches Pro Click V2 and V2 Vertical Mice: Blending Gaming and Productivity

Razer's new Pro Click V2 and V2 Vertical mice offer gaming precision and ergonomic comfort, with AI prompt access and long battery life, available now!

Nintendo Pop-Up Store and Mario Kart Fun Return to Jewel Changi Airport

Experience the magic of Nintendo at Jewel Changi Airport with the return of the Pop-Up Store and the exciting Mario Kart Jewel Circuit Challenge!

Lian Li’s new Lancool 207 Digital case brings a 6-inch LCD screen to your PC

Lian Li's Lancool 207 Digital PC case brings a bright 6-inch LCD screen to your setup, offering style, function, and full customisation.

Google to end support for early Nest thermostats on October 25

Google will stop supporting first—and second-generation Nest thermostats on October 25 and end new Nest launches in Europe.

Related Articles

Popular Categories