M1 Mac and newer have an unpatchable vulnerability
A new vulnerability was found on M1 Mac and newer models that allow hackers to extract encryption keys. This issue is unpatchable, which means every Mac user could be compromised, but it doesn’t mean you should freak out.
As first reported by Ars Technica, an academic research paper highlights this unpatchable vulnerability that can extract encryption keys from M1 Mac and newer models.
The researcher named this vulnerability GoFetch, a “microarchitectural side-channel attack that can extract secret keys from constant-time cryptographic implementations via data memory-dependent prefetchers (DMPs).”
They have found this issue with M1 Mac devices but found that M2 and M3 CPUs also exhibit “similar exploitable DMP behavior.” They have not tested with other chip variants, such as M1 Max, M2 Pro, etc., but the researchers hypothesize that they’re likely to be exploited as well.
How can you protect your M1 Mac against this attack?
The researchers say that the best way to protect yourself is by constantly updating your Mac to the latest version of macOS. For developers of cryptographic libraries, they can either set the DOIT bit and DIT bit bits, which disable the DMP on some CPUs, such as M3 processors.
Still, the best way to avoid this attack is by preventing others from physically accessing your M1 Mac computer: “Preventing attackers from measuring DMP activation in the first place, for example, by avoiding hardware sharing, can further enhance the security of cryptographic protocols.”
Besides that, there isn’t much more you should do. The researchers warned Apple on December 5, 2023. Although the company hasn’t addressed any public comment on this issue, it’s possible that feature chips – or even software updates could patch this vulnerability.
You can learn more about this issue here.
A new vulnerability was found on M1 Mac and newer models that allow hackers to extract encryption keys. This issue is unpatchable, which means every Mac user could be compromised, but it doesn’t mean you should freak out.
As first reported by Ars Technica, an academic research paper highlights this unpatchable vulnerability that can extract encryption keys from M1 Mac and newer models.
The researcher named this vulnerability GoFetch, a “microarchitectural side-channel attack that can extract secret keys from constant-time cryptographic implementations via data memory-dependent prefetchers (DMPs).”
They have found this issue with M1 Mac devices but found that M2 and M3 CPUs also exhibit “similar exploitable DMP behavior.” They have not tested with other chip variants, such as M1 Max, M2 Pro, etc., but the researchers hypothesize that they’re likely to be exploited as well.
How can you protect your M1 Mac against this attack?
The researchers say that the best way to protect yourself is by constantly updating your Mac to the latest version of macOS. For developers of cryptographic libraries, they can either set the DOIT bit and DIT bit bits, which disable the DMP on some CPUs, such as M3 processors.
Still, the best way to avoid this attack is by preventing others from physically accessing your M1 Mac computer: “Preventing attackers from measuring DMP activation in the first place, for example, by avoiding hardware sharing, can further enhance the security of cryptographic protocols.”
Besides that, there isn’t much more you should do. The researchers warned Apple on December 5, 2023. Although the company hasn’t addressed any public comment on this issue, it’s possible that feature chips – or even software updates could patch this vulnerability.
You can learn more about this issue here.
Denial of responsibility! Techno Blender is an automatic aggregator of the all world’s media. In each content, the hyperlink to the primary source is specified. All trademarks belong to their rightful owners, all materials to their authors. If you are the owner of the content and do not want us to publish your materials, please contact us by email – [email protected]. The content will be deleted within 24 hours.