Apple Silicon has a hardware-level exploit that could leak private data


A team of university security researchers has found a chip-level exploit in Apple Silicon Macs. The group says the flaw could bypass a computer’s encryption and gain access to its security keys, exposing your Mac’s personal information to hackers. The silver lining is that the exploit would require you to bypass Apple’s Gatekeeper protections, install the malware and then let the software run for up to 10 hours (along with a number of other complex conditions), which makes it less likely that you will need to worry about a real-world threat.

The exploit originates from a part of Apple’s M-series chips called Data Memory-Dependent Prefetchers (DMPs). DMPs make processors more efficient by pre-caching data. DMPs treat data samples as directions and use them to predict what data they need to retrieve next. This reduces turnaround times and helps lead to reactions like “seriously fast,” often used to describe Apple Silicon.

Researchers have discovered that attackers can use DMP to bypass encryption. “Through novel reverse engineering, we discover that DMP potentially activates on behalf of any application and attempts to invalidate any information brought into the pointer-like cache,” the researchers said. (“Pointers” are addresses or directions that indicate where to find specific data.) “This behavior puts a significant amount of program data at risk.”

“This paper shows that the security threat from DMPs is significantly worse than previously thought, and demonstrates the first head-to-head attacks on security-critical software using the Apple m-series DMP,” the group said.

The researchers named the attack GoFetch, and they created a program that can access a Mac’s secure data without even needing root access. Ars Technica Security Editor Dan Goodin explains, “The M series chips are divided into what are known as clusters. For example, the M1 has two clusters: one containing four efficiency cores and one containing four performance cores. As long as the GoFetch application and the targeted cryptographic application are running on the same performance cluster, even on separate cores within that cluster, GoFetch can learn enough secrets to leak the private key.”

The details are very technical, but the Ars Technica article is worth a read if you want to get further into the weeds.

But there are two key takeaways for the business person: Apple can’t do much to fix existing chips with software updates (at least not without significantly slowing down Apple Silicon’s trademark performance), and as long as Apple’s Gatekeeper is enabled (the default), you won’t be able to install malware in the first place. Gatekeeper only allows apps from the Mac App Store and non-App Store installations from Apple-registered developers. (You may want to be very careful when manually approving apps from unregistered developers in macOS security settings.) Unless you install malware outside of these limits, the odds seem pretty low that it will affect an M-series Mac.


