1. Forum
  2. tqwNet
  3. TQW_GENTECH

  • Some Apple CPUs have an "unfixable" security flaw and they're le

    From TechnologyDaily@1337:1/100 to All on Fri Mar 22 16:45:05 2024
    Some Apple CPUs have an "unfixable" security flaw and they're leaking secret encryption keys

    Date:
    Fri, 22 Mar 2024 16:39:24 +0000

    Description:
    The attack is difficult to pull off, but a patch might hurt your Macs performance.

    FULL STORY ======================================================================

    Researchers have discovered a new side-channel vulnerability in Apples M-series of processors that they claim could be used to extract secret keys from Mac devices when theyre performing cryptographic operations.

    Academic researchers from the University of Illinois Urbana-Champaign, University of Texas at Austin, Georgia Institute of Technology, University of California, University of Washington, and Carnegie Mellon University, explained in a research paper that the vulnerability, dubbed GoFetch, was found in the chips data memory-dependent prefetcher (DPM), a optimization mechanism that predicts the memory addresses of data that active code could access in the near future.

    Since the data is loaded in advance, the chip makes performance gains. However, as the prefetchers make predictions based on previous access patterns, they also create changes in state that the attackers can observe, and then use to leak sensitive information. GoFetch risk

    The vulnerability is not unlike the one abused in Spectre/Meltdown attacks as those, too, observed the data the chips loaded in advance, in order to
    improve the performance of the silicon.

    The researchers also noted that this vulnerability is basically unpatchable, since its derived from the design of the M chips themselves. Instead of a patch, the only thing developers can do is build defenses into third-party cryptographic software. The caveat with this approach is that it could severely hinder the processors performance for cryptographic operations.

    Apple has so far declined to discuss the researchers findings, and stressed that any performance hits would only be visible during cryptographic operations.

    While the vulnerability itself might not affect the regular Joe, a future patch hurting the devices performance just might.

    Those interested in reading about GoFetch in depth, should check out the research paper here .

    Via Ars Technica More from TechRadar Pro This nasty new Android malware can easily bypass Google Play security and it's already been downloaded
    thousands of times Here's a list of the best firewalls around today These are the best endpoint security tools right now



    ======================================================================
    Link to news story: https://www.techradar.com/pro/security/some-apple-cpus-have-an-unfixable-secur ity-flaw-and-theyre-leaking-secret-encryption-keys


    --- Mystic BBS v1.12 A47 (Linux/64)
    * Origin: tqwNet Technology News (1337:1/100)