Friday, 4 July 2025

Apple silicon vulnerability exposes encryption keys

Discover the recent vulnerability in Apple's M-series chips that allows encryption keys to leak and learn how to protect your device.

International researchers have unearthed a significant vulnerability in Apple’s M-series chips that can leak encryption keys. Because the flaw is part of the chip’s microarchitectural design, it cannot be patched in the traditional way. Instead, software-based mitigation strategies are necessary, and these may hamper performance. The technical nature of this discovery is best understood from the detailed report by Ars Technica, but a simplified explanation is provided here for clarity.

Understanding the GoFetch attack

The crux of the issue lies in Apple Silicon’s data memory-dependent prefetcher (DMP). This component predicts which memory addresses will likely be needed by running code, enhancing efficiency. However, this predictive mechanism can be manipulated to unveil sensitive data, including encryption keys, through an attack dubbed GoFetch. The researchers’ groundbreaking insight revealed that while the DMP typically only dereferences pointers, attackers can craft inputs that, combined with cryptographic secrets, result in an intermediate state mimicking a pointer under specific conditions. This vulnerability enables the extraction of partial or complete information about the cryptographic secret, undermining the security of constant-time swap primitives and various cryptographic implementations designed to resist chosen-input attacks.
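To make the point about constant-time swap primitives concrete, the following is an added example, not code from the article or from the researchers. It is a simplified model: the address range, the function names and the "looks like a pointer" test are assumptions, and nothing here measures a real prefetcher.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

#define WORDS 8
/* Constructed address range standing in for mapped memory (assumption). */
#define REGION_LO 0x100000000ULL
#define REGION_HI (REGION_LO + 0x1000ULL)

/* Constant-time conditional swap: the same instructions run and the same
   addresses are touched whether bit is 0 or 1. */
static void ct_swap(uint64_t bit, uint64_t *a, uint64_t *b, size_t n) {
    uint64_t mask = (uint64_t)0 - (bit & 1); /* 0 or all ones */
    for (size_t i = 0; i < n; i++) {
        uint64_t t = mask & (a[i] ^ b[i]);
        a[i] ^= t;
        b[i] ^= t;
    }
}

/* Simplified model (assumption): a word "looks like a pointer" to the
   prefetcher if its value falls inside the mapped region. */
static size_t pointer_like_words(const uint64_t *buf, size_t n) {
    size_t count = 0;
    for (size_t i = 0; i < n; i++)
        count += (buf[i] >= REGION_LO && buf[i] < REGION_HI);
    return count;
}

/* Number of pointer-like words left in buffer a after the swap. */
size_t model_swap_state(uint64_t secret_bit) {
    uint64_t a[WORDS], b[WORDS];
    for (size_t i = 0; i < WORDS; i++) {
        a[i] = i + 1;              /* ordinary small values */
        b[i] = REGION_LO + 8 * i;  /* chosen input with pointer-shaped values */
    }
    ct_swap(secret_bit, a, b, WORDS);
    return pointer_like_words(a, WORDS);
}

int main(void) {
    for (uint64_t bit = 0; bit <= 1; bit++)
        printf("secret bit %llu -> %zu pointer-like words in a\n",
               (unsigned long long)bit, model_swap_state(bit));
    return 0;
}
```

The swap executes identically for both values of the secret bit, yet the contents of the buffer afterwards differ in whether they resemble pointers, which is the kind of state a prefetcher that inspects data values can react to.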

Historical context and mitigation

Interestingly, this is not the first instance of a DMP-related flaw in Apple Silicon; a similar vulnerability, the Augury flaw, was identified in 2022. Although the recent discovery may raise concerns, the practical risk is considered low. Gaining system access and the time required for an attack are significant barriers. Extracting a 2048-bit RSA key took the researchers just under an hour, whereas obtaining a 2048-bit Diffie-Hellman key took over two hours, and a Dilithium-2 key took more than ten hours.

Protecting your devices

Adhering to basic security practices is advisable for users seeking to safeguard their devices against such vulnerabilities. Keeping macOS Gatekeeper enabled and avoiding the installation of apps from unknown sources are essential steps in maintaining security.

In summary, while the discovery of this flaw in Apple’s M-series chips highlights potential security concerns, the immediate risk to users remains low, thanks to the demanding requirements for executing such an attack. Nonetheless, awareness and adherence to recommended security measures are crucial for protection.
