Researchers have found an un-patchable vulnerability in the latest Apple Silicon M-series chips, including M1, M2, and M3. M-series chips are used in the latest Mac and MacBook devices.
‘GoFetch’ Vulnerability
Researchers are calling it ‘GoFetch‘, as it allows hackers to gain backdoor access to secret encryption keys on Macs and MacBooks.
The vulnerability lies with the components called ‘prefetchers’. The main job of Prefetchers is to retrieve data before it is requested, which results in increasing processing speed.
But, these prefetchers also create a door for malicious attacks. The researchers have called this vulnerability ‘GoFetch’. Researchers have described it as a microarchitectural side-channel attack used in extracting secret keys from the cryptographic implementations via memory-dependent prefetchers (DMPs).
The researchers informed Apple on December 5, 2023, but Apple didn’t give enough attention. After no positive replies from Apple, the researchers have made this information public.
Side-Channel Attack
A side-channel attack is a cyber attack that utilizes extra information that is left vulnerable due to the design of an algorithm or computer protocol. In this scenario, the DMPs that are installed in Apple Silicon chips can give access to sensitive information to hackers.
Solution?
This vulnerability cannot be patched with software because the real issue is with the microarchitectural design of these chips. Any changes to the design will degrade the performance of these chips.
If Apple tries to fix it in the M4 chipset, it will surely see poor performance, meaning, an M4 chip will run like an M2 chip with a fix.