Thursday, 3 July 2025
27.4 C
Singapore
26.3 C
Thailand
20.3 C
Indonesia
28.9 C
Philippines

Apple silicon vulnerability exposes encryption keys

Discover the recent vulnerability in Apple's M-series chips that allows encryption keys to leak and learn how to protect your device.

International researchers have unearthed a significant vulnerability in Apple’s M-series chips, which can leak encryption keys. This flaw, embedded within the chip’s microarchitectural design, cannot be patched traditionally. Instead, software-based mitigation strategies are necessary, potentially hampering performance. The technical nature of this discovery is best understood by delving into the detailed report by Ars Technica, but a simplified explanation is provided here for clarity.

Understanding the GoFetch attack

The crux of the issue lies in Apple Silicon’s data memory-dependent prefetcher (DMP). This component predicts which memory addresses will likely be needed by running code, enhancing efficiency. However, this predictive mechanism can be manipulated to unveil sensitive data, including encryption keys, through an attack dubbed GoFetch. The researchers’ groundbreaking insight revealed that while the DMP typically only dereferences pointers, attackers can craft inputs that, combined with cryptographic secrets, result in an intermediate state mimicking a pointer under specific conditions. This vulnerability enables the extraction of partial or complete information about the cryptographic secret, undermining the security of constant-time swap primitives and various cryptographic implementations designed to resist chosen-input attacks.

Historical context and mitigation

Interestingly, this is not the first instance of a DMP-related flaw in Apple Silicon; a similar vulnerability, the Augury flaw, was identified in 2022. Although the recent discovery may raise concerns, the practical risk is considered low. Gaining system access and the time required for an attack are significant barriers. Extracting a 2048-bit RSA key took the researchers just under an hour, whereas obtaining a 2048-bit Diffie-Hellman key took over two hours, and a Dilithium-2 key took more than ten hours.

Protecting your devices

Adhering to basic security practices is advisable for users seeking to safeguard their devices against such vulnerabilities. Keeping macOS Gatekeeper enabled and avoiding the installation of apps from unknown sources are essential steps in maintaining security.

In summary, while discovering this flaw in Apple’s M-series chips highlights potential security concerns, the immediate risk to users remains low, thanks to the demanding requirements for executing such an attack. Nonetheless, awareness and adherence to recommended security measures are crucial for protection.

Hot this week

Figma files for IPO and plans to boost AI investment

Figma files for IPO under the ticker “FIG” and plans to boost AI investment, even if it slows short-term efficiency.

NetApp report reveals global race for AI leadership remains wide open

NetApp’s AI Space Race report shows global competition is heating up, with no clear leader as countries race to scale secure AI infrastructure.

Hundreds of Brother printers have a serious flaw you can’t entirely fix

Hundreds of Brother printers have a flaw that lets hackers guess your admin password and one critical issue can't be fixed with updates.

Google Cloud and DISG launch AI Cloud Takeoff to drive enterprise AI adoption in Singapore

Google Cloud and DISG launch AI Cloud Takeoff to help 300 companies build in-house AI centres and accelerate enterprise AI adoption in Singapore.

Meta’s copyright victory raises questions about AI fair use

Meta won a copyright case over AI training, but the judge says future rulings could differ if better arguments are made.

Meta’s investment doesn’t change Scale AI’s priorities, says new CEO

Scale AI CEO Jason Droege confirms the start-up stays independent despite Meta’s 49% stake and outlines plans for broader AI growth.

Mainland investment boom lifts Hong Kong’s market

Chinese firms turn to Hong Kong listings after mainland investors spend US$93B on stocks, eyeing global growth and fresh funding sources.

Alibaba Cloud marks 10 years in Singapore with major AI and cloud expansion

Alibaba Cloud celebrates 10 years in Singapore with global AI tools, new data centres, and expanded services for your digital transformation.

Google lets you share smart home access more easily with family and kids

Google Home lets you easily assign Admin or Member roles, even for kids under 13, to manage your smart home access better.

Related Articles

Popular Categories