Researchers have uncovered a significant security vulnerability in Apple’s M-series chips, raising concerns about the safety of crypto private keys stored on Mac computers.
According to a recent report , the vulnerability, a side-channel exploit, allows malicious actors to extract encryption keys while the Apple chips are executing commonly used cryptographic protocols.
Unlike typical vulnerabilities that can be addressed through software patches, this particular flaw resides in the microarchitectural design of the chips themselves, rendering it “unpatchable.”
To mitigate the issue, third-party cryptographic software would need to be employed, but this could severely impact the performance of earlier M-series chips, including the M1 and M2.
The findings shed light on a fundamental weakness in Apple’s hardware security infrastructure.
Hackers can intercept and exploit memory access patterns to gain unauthorized access to sensitive information, including encryption keys utilized by cryptographic applications.
The researchers have given this type of attack the name “GoFetch” exploit, which operates seamlessly within the user environment and requires standard user privileges like regular applications.
Following the disclosure of this research, Mac users in online forums have expressed concerns and raised questions about the potential impact on password keychains.
Some users believe that Apple will address the problem directly within its operating system, while others express greater worry if the company fails to do so.
One user pointed out that Apple might already be aware of this flaw, speculating that the upcoming M3 chip includes an additional instruction to disable the vulnerable feature.
They referred
Read more on cryptonews.com