TLDR:
- Apple M-series chips have a major hardware flaw called GoFetch
- The flaw exposes cryptographic keys, potentially compromising encrypted data
The article discusses a critical security flaw in Apple M-series chips known as GoFetch that exposes cryptographic keys, allowing attackers to potentially reveal encrypted data. The flaw stems from the data memory-dependent prefetcher (DMP) in the M-chips, which predicts memory addresses to improve computer speed and computing performance. However, researchers found that the vulnerability in DMP poses severe risks and cannot be easily fixed with a software patch. Instead, protective code would need to be added to third-party encryption software, potentially slowing down performance on older Mac models. The article highlights the importance of balancing security and performance in vulnerability management, as sacrificing security for speed can leave users vulnerable to attacks. Apple has suggested enabling data-independent timing (DIT) for M-3 chip devices to mitigate the flaw, but other defense approaches include running cryptographic code on different cores and implementing cryptographic blinding-like techniques. Organizations and users using Mac devices are advised to increase their defenses against potential attacks exploiting the GoFetch vulnerability.