A novel vulnerability in Apple’s M-series semiconductors has been identified as “unpatchable,” which might provide hackers access to decrypted data and secret keys stored on Mac computers.
According to recent research, there is a serious flaw in Apple’s M-series semiconductors that might allow malicious actors to obtain private encryption keys from MacBook computers.
A team of researchers from several US colleges released a study on March 21st, identifying the vulnerability as a side channel exploit that lets hackers steal end-to-end encryption keys when Apple chips run popular cryptographic protocols.
But unlike traditional vulnerabilities that can be fixed with straightforward patches, this specific problem is deeply ingrained in the silicon’s microarchitectural design, rendering it “unpatchable.”
Third-party cryptographic software would have to be used to fully fix the problem, which might seriously impair the performance of the Apple M-series chips—especially the M1 and M2 chips—in the early editions.
These results point to a significant weakness and difficulty with Apple’s hardware security framework. Hackers may be able to obtain sensitive data, including encryption keys used by cryptographic apps, by intercepting and using memory access patterns.
This kind of technique was named as a “GoFetch” exploit by the researchers. The hack requires standard user privileges, the same as those required by conventional applications, and operates without any issues within the user context.
Users in online Mac communities started to wonder whether there was now a need for serious worry or action regarding password keychains once the findings revealed.
One user expressed their belief that Apple will immediately address the issue with their operating system; if not, they would become “more concerned.”
Another user noted that Apple has been aware of this issue for some time and said that this is the reason the M3 includes “an additional instruction to disable DMP.” The user said that earlier studies on the subject, which began in 2022, were referred to as “auguries.”
This discovery coincides with Apple’s involvement in a protracted antitrust litigation against the United States Department of Justice (DOJ), which contends that Apple’s policies and “monopoly” in the Apple App Store unlawfully restricted competition and stifled innovation.
Additionally, the DOJ has claimed that Apple prevented developers from offering their own payment services to customers and blocked access to rival digital wallets that offer a “wide variety of enhanced features.”
