Mark Coppock / Digital Trends
Apple prides itself on the security of its devices, but that doesn’t mean they’re immune to malicious attacks. That point has just been proven by researchers who say they’ve discovered a major new vulnerability in any Mac that runs on an Apple silicon chip, according to a report from Ars Technica. Worst of all, it looks like the problem is completely unpatchable.
So, what’s the flaw? According to the researchers, it all comes down to components called data memory-dependent prefetchers (DMPs). Essentially, these predict what data is going to be needed next and preemptively retrieve it. The idea is that this saves on computing resources, but they leave a potential window open to attack.
Recommended Videos
If that opportunity is exploited, and attacker could steal a Mac’s encryption keys, even when they’re protected by cryptographic apps designed to keep them safe. That could potentially give a malicious actor wide-ranging access to what’s stored on your Mac.
Related
-
5 reasons your MacBook keeps restarting and how to fix it
-
As a recent Mac convert, here’s what has surprised me most
-
In the age of ChatGPT, Macs are under malware assault
But unlike most modern vulnerabilities, the researchers say this one cannot be patched because it is inherent to the “microarchitectural” design of Apple silicon chips. There are steps that can be taken to mitigate it, but they might have a serious impact on the performance of the affected chips.
Sora Shimazaki / Pexels
This is an issue affecting Apple silicon chips and, unfortunately, it seems that that means every Apple silicon chip generation. So, it’s not something you can avoid if you have the latest M3 MacBook Pro, for example.
The researchers dubbed the exploit GoFetch, and it’s not known if it has been used in the wild yet. Using the attack, the team was apparently able to extract a 2048-bit RSA key in under an hour, which is pretty fast.
According to the researchers, they first brought the flaw to Apple’s attention on December 5, 2023, and waited 107 days before making it public.
The only bright side is that this attack is unlikely to be used on regular Apple users. But that’s not much comfort when we know there’s very little Apple can do to banish the issue once and for all. We’ll have to see what — if anything — Apple is able to do to fix it and keep your Mac safe.