All Apple Silicon M Powered Devices Have An Unpatchable Security Flaw

A team of researchers recently found a side-channel vulnerability in Apple’s custom SoC architecture that does not appear patchable and allows for the theft of encryption keys.

The research team, which hails from six different universities around the United States, published its findings and is calling it the GoFetch attack. This is a “microarchitectural side-channel attack that can extract secret keys from constant-time cryptographic implementations via data memory-dependent prefetchers (DMPs).” DMPs are implemented in hardware and help to cache data based on predictions derived by analyzing previous use patterns. A side effect of this caching method is that data and memory addresses can get mixed together in the cache, bypassing side-channel attack prevention mechanisms.

DMPs are present across Apple’s M1, M2, and M3 processors and can be leveraged by the attack method to extract sensitive information. However, the research paper notes that disabling DMP on M1 and M2 CPUs is likely impossible, and even if it were possible, it would cause heavy performance penalties on those systems. There are some workarounds for software developers, such as using efficiency cores that do not use DMP. However, there could be performance hits for cryptographic operations, and DMP could be enabled silently in the future, causing issues once more. A few other options are also listed, all of which lay similar responsibility on developers and lead to similar performance penalties.

End users should keep their software up to date as developers look for solutions to this problem. Given this discovery, we can expect that this will not be the last side-channel attack found on Apple silicon, so stay tuned to HotHardware for the latest in Apple security.