Hackers can exploit flaw in Apple M-series processors

A vulnerability in M series processors could lead to unauthorized access of encrypted data.
Photo: Apple/Cult of Mac

Security researchers have found a serious vulnerability in Apple's M-series processors. The hard-wired flaw could potentially be used by attackers to extract the keys that protect credit card details and encrypted messages.

The flaw leaks encryption keys, and because it lives in the hardware it can't simply be patched away; the available mitigations come with a performance penalty. Here's what you need to know.

M-series flaw allows encryption keys to be pulled from Macs

Encryption keeps information that travels over the internet private. It's what makes online shopping safe, and it ensures that all and sundry can't read our texts.

That's why it's troubling that security researchers at several top U.S. universities found a way to make M-series processors leak the encryption keys that underpin all of that security.

Their proof-of-concept tool, dubbed GoFetch, is complex and very technical. That’s not surprising — Apple didn’t overlook something obvious when crafting the chips used by Macs.

One of the ways M-series processors deliver top performance is with a data memory-dependent prefetcher (DMP). As its name suggests, it fetches data into the CPU cache, a small pool of much faster memory, before the program asks for it, based on what the processor predicts will be needed soon.

The DMP scans the contents of memory the program is loading, looks for values that resemble pointers to other memory locations, and copies the referenced data in advance. The security researchers said, "in theory, Apple's DMP leaks memory contents via cache side channels, even if that memory is never passed as an address."

The academics further explain, "To exploit the DMP, we craft chosen inputs to cryptographic operations, in a way where pointer-like values only appear if we have correctly guessed some bits of the secret key." To confirm a guess, they watch the cache for evidence that the DMP dereferenced that pointer-like value. "Once we make a correct guess, we proceed to guess the next batch of key bits."
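The guess-and-confirm loop described above, as an added toy simulation (this is not GoFetch or the researchers' code). Everything in it is a model: the victim's "cipher" is a throwaway invertible mixing function, the prefetcher rule (any word inside a mapped attacker page counts as a pointer and gets its cache line fetched) is a stand-in for the real DMP heuristics, the addresses are made up, and the cache is a set of line numbers rather than timing measurements. What it keeps faithful is the strategy: choose an input so that an intermediate value of the secret computation looks like a pointer only when a guess of some key bits is right, check the cache to see whether the prefetcher dereferenced it, then move on to the next bits.

```python
"""Toy model of the GoFetch guess-and-confirm strategy (added example)."""
from typing import List, Set

WORD = (1 << 64) - 1
MIX_MUL = 0x9E3779B97F4A7C15            # odd, hence invertible mod 2**64
MIX_INV = pow(MIX_MUL, -1, 1 << 64)
CACHE_LINE = 64

# Assumed layout: the attacker owns one 4 KiB page; the victim keeps its
# per-round intermediate state in its own buffer elsewhere.
ATTACKER_BASE = 0x7F00_1000_0000
ATTACKER_SIZE = 4096
VICTIM_STATE_BASE = 0x7F00_2000_0000


def mix(h: int, k: int) -> int:
    """One round of the toy secret computation (stand-in for a cipher step)."""
    return ((h ^ k) * MIX_MUL) & WORD


def unmix(v: int, k: int) -> int:
    """Inverse of mix(); the attacker uses it to craft chosen inputs."""
    return ((v * MIX_INV) & WORD) ^ k


class ToyMachine:
    """Flat memory plus the set of cache lines currently present."""

    def __init__(self) -> None:
        self.words = {}                  # address -> 64-bit word
        self.cached: Set[int] = set()

    def store(self, addr: int, value: int) -> None:
        self.words[addr] = value

    def flush(self) -> None:             # "prime": evict everything
        self.cached.clear()

    def is_cached(self, addr: int) -> bool:   # "probe"
        return addr // CACHE_LINE in self.cached

    def dmp_scan(self, base: int, nwords: int) -> None:
        """Modeled DMP: when the victim touches its state buffer, any word that
        falls inside a mapped region is treated as a pointer and the line it
        points at is prefetched.  Only the attacker's page is modeled as mapped."""
        for i in range(nwords):
            v = self.words.get(base + 8 * i, 0)
            if ATTACKER_BASE <= v < ATTACKER_BASE + ATTACKER_SIZE:
                self.cached.add(v // CACHE_LINE)


class Victim:
    """Runs the secret computation; never branches or indexes on the key."""

    def __init__(self, key: bytes, machine: ToyMachine) -> None:
        self.key = key
        self.m = machine

    def process(self, x: int) -> int:
        h = x
        for i, k in enumerate(self.key):
            h = mix(h, k)
            self.m.store(VICTIM_STATE_BASE + 8 * i, h)      # intermediate hits memory
        self.m.dmp_scan(VICTIM_STATE_BASE, len(self.key))   # prefetcher reads it
        return h


class Attacker:
    """Knows the algorithm and the memory layout, not the key."""

    def __init__(self, victim: Victim, machine: ToyMachine) -> None:
        self.victim = victim
        self.m = machine
        self.target = ATTACKER_BASE + 0x100   # any address inside our page

    def oracle(self, x: int) -> bool:
        """Prime, let the victim run on x, probe: did the DMP touch our line?"""
        self.m.flush()
        self.victim.process(x)
        return self.m.is_cached(self.target)

    def recover_key(self, key_len: int) -> bytes:
        known: List[int] = []
        for i in range(key_len):
            for guess in range(256):
                # Craft x so that round i's output equals self.target iff
                # guess == key[i], walking the inverse chain through known bytes.
                v = unmix(self.target, guess)
                for k in reversed(known):
                    v = unmix(v, k)
                if self.oracle(v):
                    known.append(guess)     # confirmed: next batch of key bits
                    break
            else:
                raise RuntimeError(f"no guess confirmed for key byte {i}")
        return bytes(known)


def run_demo(key: bytes) -> bytes:
    m = ToyMachine()
    return Attacker(Victim(key, m), m).recover_key(len(key))


if __name__ == "__main__":
    secret = bytes.fromhex("c0ffee4205")    # constructed sample key
    print("recovered:", run_demo(secret).hex())
```

Note that the victim does nothing a constant-time audit would flag: no secret-dependent branch, no secret-indexed table. The leak comes entirely from an intermediate value being written to memory and looking like an address. That is why the fix has to either keep key-dependent values from resembling pointers or switch the prefetcher off, rather than rewriting the crypto code in the usual constant-time style.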

We warned you this would be technical.

How to protect your Mac

There are no known cases of the DMP flaw discovered by the researchers being exploited in the wild.

The academics informed Apple of the problem in late 2023, but because the flaw is built into the M-series silicon it can't be fixed in the chip itself. On most of them, the only recourse is for cryptographic software to work around it.

But there's good news for those with Apple's latest Macs. "We observe that the DIT bit set on M3 CPUs effectively disables the DMP," noted the creators of GoFetch. "This is not the case for the M1 and M2." Cryptographic software that turns off the DMP this way will run more slowly but won't leak keys through it.

GoFetch isn't fast: extracting a key can take hours. And it has to run locally on the victim's Mac, though as an ordinary unprivileged program. If it ever goes beyond the proof-of-concept stage, the exploit will need to be delivered the usual way, as malware such as a trojan horse, and software that guards against malware should block attempts to install it.

What about iPhone?

The security researchers ran their tests on the M-series processors used in Macs and iPads. Apple's A-series chips used in iPhones share much of the same design, but at this point there's no word on whether GoFetch could run on an iOS handset.
