Thursday, Nov 21, 2024

M1 Mac and newer models have an unpatchable vulnerability

A new vulnerability was found on M1 Mac and newer models that allow hackers to extract encryption keys. This issue is unpatchable, which means every Mac user could be compromised, but it doesn't mean you should freak out.

As first reported by Ars Technica, an academic research paper highlights this unpatchable vulnerability that can extract encryption keys from M1 Mac and newer models.

The researcher named this vulnerability GoFetch, a "microarchitectural side-channel attack that can extract secret keys from constant-time cryptographic implementations via data memory-dependent prefetchers (DMPs)."

They have found this issue with M1 Mac devices but found that M2 and M3 CPUs also exhibit "similar exploitable DMP behavior." They have not tested with other chip variants, such as M1 Max, M2 Pro, etc., but the researchers hypothesize that they're likely to be exploited as well.

How can you protect your M1 Mac against this attack?


M2 Mac mini
Image source: Christian de Looper for BGR

The researchers say that the best way to protect yourself is by constantly updating your Mac to the latest version of macOS. For developers of cryptographic libraries, they can either set the DOIT bit and DIT bit bits, which disable the DMP on some CPUs, such as M3 processors.

Still, the best way to avoid this attack is by preventing others from physically accessing your M1 Mac computer: "Preventing attackers from measuring DMP activation in the first place, for example, by avoiding hardware sharing, can further enhance the security of cryptographic protocols."

Besides that, there isn't much more you should do. The researchers warned Apple on December 5, 2023. Although the company hasn't addressed any public comment on this issue, it's possible that feature chips – or even software updates could patch this vulnerability.

You can learn more about this issue here.

Don't Miss: Researchers discover frightening new strain of macOS malware

The post M1 Mac and newer models have an unpatchable vulnerability appeared first on BGR.

Today's Top Deals

  1. Best Apple Watch deals for March 2024
  2. Best Apple deals for March 2024
  3. Amazon Big Spring Sale: Thursday’s top deals on Apple, Sonos, Keurig, Ninja, Shark, Sony, Roku, more
  4. The best hidden Amazon deals for Prime members only
------------
Read More
By: José Adorno
Title: M1 Mac and newer models have an unpatchable vulnerability
Sourced From: bgr.com/tech/m1-mac-and-newer-models-have-an-unpatchable-vulnerability/
Published Date: Fri, 22 Mar 2024 15:23:00 +0000