Hackers can exploit flaw in Apple M series processors | #hacking | #cybersecurity | #infosec | #comptia | #pentest | #hacker

Security researchers created an exploit that forces Apple processors to divulge cryptographic data. Their proof-of-concept tool, dubbed GoFetch, demonstrates that a flaw in the chips potentially could be used by hackers to get user credit card information or read encrypted messages.

The newest M3 processor can block the exploit but not earlier chips. But there are ways to protect your Mac.

M series flaw allows encryption data to be pulled from Macs

Encryption is used to keep information that travels over the internet private. It’s what makes online shopping possible. It also ensures all and sundry can’t read our texts.

Which is why it’s troubling that security researchers at some of America’s top universities found a way to make M series processors leak encryption data.

The details of how GoFetch work are complex and very technical. That’s not surprising — Apple didn’t overlook something obvious when crafting the chips used by Macs.

One of the ways M series processors offer top performance is with a data memory-dependent prefetcher (DMP). As its name suggests, this fetches data into the CPU cache that previous usage has demonstrated might be useful soon. To get technical, it “looks at cache memory content for possible pointer values, and prefetches the data at those locations into cache if it sees memory access patterns that suggest following those pointers would be useful,” explains Wikipedia.

The security researchers said the DMP “will attempt to prefetch addresses found in the contents of program memory. Thus, in theory, Apple’s DMP leaks memory contents via cache side channels, even if that memory is never passed as an address to a memory/control-flow instruction.”

The academics further explain, “To exploit the DMP, we craft chosen inputs to cryptographic operations, in a way where pointer-like values only appear if we have correctly guessed some bits of the secret key. We verify these guesses by monitoring whether the DMP performs a dereference through cache-timing analysis. Once we make a correct guess, we proceed to guess the next batch of key bits.”

We warned you this would be technical.

How to protect your Mac

There are no examples of the DMP flaw discovered by the researchers in actual use by hackers.

The group of academics informed Apple of the problem in late 2023, but because the security flaw is built into the M series processor it can’t be patched with software on most chips.

But there’s good news for those with Apple’s latest Macs. “We observe that the DIT bit set on M3 CPUs effectively disables the DMP,” noted the creators of GoFetch. “This is not the case for the M1 and M2.” Software that disables the DMP will run more slowly but more securely.

GoFetch doesn’t run quickly. It can take hours to discover encryption keys. And it must run on the user’s Mac. When/if it goes beyond the proof-of-concept stage, the exploit will need to be delivered in the usual ways: a virus or trojan horse. Software that protects against these should block attempts to install the malware.

What about iPhone?

The security researchers ran their tests on the M series processors used in Mac and iPad. Apple’s A series is a close variation used in iPhone. At this point, there’s no word on whether GoFetch could run on an iOS handset.


// stack social info
fbq(‘init’, ‘309115492766084’);
fbq(‘track’, ‘EditorialView’);


Click Here For The Original Story From This Source.


National Cyber Security