“Cannot be patched”: Vulnerability discovered in Apple chips

class = “sc-cffd1e67-0 iQNQmc”>

Security vulnerabilities in processors are a disaster for manufacturers. In 2018, Specter and Meltdown vulnerabilities in Intel, AMD and ARM processors made headlines around the world. Billions of devices were at risk.

Now, a report on Apple processors by a team of researchers from several American universities is making people sit up and take notice. They discovered a critical vulnerability in M-series chips that allows attackers to obtain cryptographic keys. The vulnerability is called Gofetch. Apple uses M1, M2 and M3 processors in Macs and some iPads. This means potentially millions of devices are affected.

The most sensitive data is at risk

Mashable.com writes that, in principle, the vulnerability is present in all Apple computers released between the end of 2020 and today. The consequences of this are serious. Gofetch allows attackers to bypass encryption and access the user’s most sensitive data.

The discovered vulnerability is based on an optimization function of the chips called Data Memory Dependent Prefetcher (DMP). This aims to improve the performance of the chips by allowing DMP to predict what data will be needed in the near future and then load that data into the CPU cache. It was now possible to take full advantage of this prediction.

Who was affected?

Researchers have shown that they can read complex cryptographic keys for encryption with an effort of anywhere from 30 minutes to 14 hours. According to researchers, Apple was notified of this vulnerability on December 5, 2023.

So who exactly is affected by this gap? “This is primarily a problem for servers (with TLS) or organizations where users encrypt their information. “In principle, any organization using Apple processors and using encryption should be worried,” an IT expert explains to scmagazine.com.

Problem: In an email to specialist journal arstechnica.com, researchers explain that the fix is ​​not easy because the problem lies in the architecture of the chip. Additionally, security measures that can help resolve the issue will also affect the performance of M series chips.

Cheating can solve the problem

But there is also good news. On the one hand, a lot of technical know-how is required to exploit this vulnerability. On the other hand, techradar.com explains that in the case of Gofetch, the drop in performance only affects encryption functions, so this shouldn’t be a big problem for most users.

As Theregister.com explains, there may already be a temporary solution. According to the magazine, M chips have two types of cores: Firestorm and Icestorm. Gofetch only works with Firestorm. In particular, this means that if the encryption functions are ported to Icestorm, the problem will be solved. This also affects performance but not security. The relevant request from Blick to Apple is still pending.

Source :Blick