Academics have uncovered a serious security vulnerability in Apple’s M series chips that could allow malicious individuals to access secret encryption keys from MacBook devices. A report published on March 21 by a group of researchers from several universities in the United States identified a type of side-channel attack that could enable hackers to illegally obtain end-to-end encryption keys when Apple chips run commonly used cryptographic protocols.
Apple’s M Series Chip Vulnerability Raises Concerns
Unlike traditional security vulnerabilities that can be addressed with direct patches, this particular issue is deeply rooted in the microarchitectural design of the silicon, making it unpatchable. Properly addressing the vulnerability will require the use of third-party cryptographic software and could significantly hinder the performance of Apple M series chips, especially earlier iterations such as the M1 and M2 chips.
These findings highlight a major flaw and challenge for Apple’s hardware security infrastructure. Hackers could interfere with and exploit memory access patterns to obtain sensitive information, such as encryption keys used by cryptographic applications. Researchers have named this type of attack the “GoFetch” attack. The attack runs in user space and requires only standard user privileges, similar to those required by normal applications.
Noteworthy Details on the Issue
After the research was published, users on online Mac forums began asking whether password keychains are now a significant concern and whether any action is needed. One user expressed the belief that Apple would mitigate the issue directly within the operating system; otherwise, they would be more worried.
Another user mentioned that Apple has been aware of this vulnerability for some time and suggested that the presence of an additional instruction to disable DMP in the M3 chip might be due to this reason. The user mentioned that previous research on the subject was called prophecy and dates back to 2022.
The findings surfaced as Apple is in the midst of wide-ranging legal proceedings with the US Department of Justice, which claims that Apple’s App Store rules and monopoly illegally reduce competition and stifle innovation. The US Department of Justice also alleged that Apple cut off access to rival crypto wallets offering a wide range of advanced features and prevented developers from offering their own payment services to users.