A new security vulnerability has been discovered in Apple's Mac and Tina Tyler ArchivesMacBook computers – and the worst part is that it's unpatchable.
Academic researchers discoveredthe vulnerability, first reported by Ars Technica, which allows hackers to gain access to secret encryption keys on Apple computers with Apple's new Silicon M-Series chipset. This includes the M1, M2, and M3 Apple MacBook and Mac computer models.
SEE ALSO: Bing vulnerability made it possible to alter search resultsBasically, this vulnerability can be found in any new Apple computer released from late 2020 to today.
The issue lies with prefetchers— components meant to predictively retrieve data before a request to increase processing speed — and the opening they leave for malicious attacks from bad actors.
The researchers have dubbed the attack "GoFetch," which they describe as "a microarchitectural side-channel attack that can extract secret keys from constant-time cryptographic implementations via data memory-dependent prefetchers (DMPs)."
A side-channel attack is a type of cyber attack that uses extra information that's left vulnerable due to the design of a computer protocol or algorithm.
The researchers explained the issue in an email to Ars Technica:
Prefetchers usually look at addresses of accessed data (ignoring values of accessed data) and try to guess future addresses that might be useful. The DMP is different in this sense as in addition to addresses it also uses the data values in order to make predictions (predict addresses to go to and prefetch). In particular, if a data value "looks like" a pointer, it will be treated as an "address" (where in fact it's actually not!) and the data from this "address" will be brought to the cache. The arrival of this address into the cache is visible, leaking over cache side channels.
Our attack exploits this fact. We cannot leak encryption keys directly, but what we can do is manipulate intermediate data inside the encryption algorithm to look like a pointer via a chosen input attack. The DMP then sees that the data value "looks like" an address, and brings the data from this "address" into the cache, which leaks the "address." We don’t care about the data value being prefetched, but the fact that the intermediate data looked like an address is visible via a cache channel and is sufficient to reveal the secret key over time.
Basically, the researchers discovered that the DMPs in Apple's Silicon chipsets – M1, M2 and, M3 – can give hackers access to sensitive information, like secret encryption keys. The DMPs can be weaponized to get around security found in cryptography apps, and they can do so quickly too. For example, the researchers were able to extract an 2048-bit RSA key in under one hour.
Usually, when a security flaw is discovered nowadays, a company can patch the issue with a software fix. However, the researchers say this one is unpatchable because the issue lies with the "microarchitectural" design of the chip. Furthermore, security measures taken to help mitigate the issue would require a serious degradation of the M-series chips' performance.
Researchers saythat they first brought their findings to Apple's attention on December 5, 2023. They waited 107 days before disclosing their research to the public.
Topics Apple Cybersecurity MacBook
#rateaspecies is basically Yelp reviews for zoo animals
Adele freaks out mid
Apple will replace some iPhone batteries for free
Ignore the claim that streaming Netflix ‘makes climate change worse’
SpaceX's Starlink satellite launch in pictures
Your future TV could bend and roll on command
Iguana, who answers to no man, wreaks havoc at the Miami Open tennis tournament
Iguana, who answers to no man, wreaks havoc at the Miami Open tennis tournament
Best headphone deal: Take 22% off the Sonos Ace at Amazon
I have seen the AI dystopia, and it looks like Neon's artificial humans
How to Reboot and Reset Android Devices
What's Apple's tax bill in New Zealand? Why it's zero, niet, nada.
The Tesla of motorcycles probably doesn't have to worry about Tesla
Facebook redesign with dark mode rolls out for some users
Best IPL deal: Save $80 on Braun IPL Silk·Expert
Scammers are trying to fool people into thinking they've been drafted
Critics who called out Chelsea Clinton for 'Lifetime Impact Award' made one large error
My first self
How to Settle Down with Dystopia
Apple will replace some iPhone batteries for free
75 years of the Windrush generation: These 2 new podcasts are a mustDr. Anthony Fauci vaccinated Santa Claus himself, he saidBull City Summer by Adam SobseyAn Enormous Amount of Pictures: In the Studio with Miriam Katin by Yevgeniya TrapsThe Tiny Gatsby by Sadie SteinBuy Tiffany’s, and Other News by Sadie SteinWild and Crazy Libraries, and Other News by Sadie SteinNo more news on Facebook or Instagram in Canada soonWhat We’re Loving: Trains, Stalkers, and Virgins by The Paris ReviewNo more news on Facebook or Instagram in Canada soonHemingway Moves North, and Other News by Sadie SteinFalling Men: On Don DeLillo and Terror by Chris CummingLG is bringing Apple AirPlay to hotel room TVs7 trends that shaped TikTok in 2020“All They Do Is Eat,” And Other News by Sadie SteinStandBy on iOS 17: What it is and how to use it.Poets Without Clothes, and Other News by Sadie SteinHow young Montana residents made a case for climate action in courtFigma offers free design program to all KThe Paris Review Wins National Magazine Award by Lorin Stein Everyone needs to watch SpaceX's possible 20th rocket landing Tuesday The DOJ is right about the 'green bubbles' in Apple iPhone Messages. Here's why. '3 Body Problem': Fairy tales might be a big clue in the Netflix series Grim video of a starving polar bear could show the species' future 'The Boy and the Heron' is coming to Netflix UConn vs. Stetson basketball livestreams: How to watch live Classified Zuma spacecraft may have failed after SpaceX launch Baylor vs. Colgate basketball livestreams: How to watch live Wordle today: The answer and hints for March 22 The 'Late Night with the Devil' AI controversy, explained Auburn vs. Yale basketball livestreams: How to watch live MSU vs. Mississippi State basketball livestreams: How to watch live Duke vs. UVM basketball livestreams: How to watch live Best Prime deals at Amazon: Score sale prices on Kindle, Dyson, Bissell, and more SpaceX launches secret government payload, brings rocket back home Purdue vs. Grambling basketball livestreams: How to watch live Arizona vs. Long Beach State basketball livestreams: How to watch live ISU vs. SDSU basketball livestreams, game time Nuclear fusion company says it will make carbon Intense video shows snowy pileup involving more than 75 vehicles
2.5258s , 8225.6484375 kb
Copyright © 2025 Powered by 【Tina Tyler Archives】,New Knowledge Information Network