A group of researchers discovered a huge vulnerability security that affects M1, M2 and M3 chips What Apple runs on their latest computers. This vulnerability, called Fetchessteals cryptographic information from the processor cache, allowing an attacking program to construct a cryptographic key from the stolen data, thereby allowing the application to access sensitive encrypted data.
As if the vulnerabilities weren’t important enough in themselves, apparently this problem cannot be fixed by hardware, that is, when a solution arrives – if it arrives – it will not be rooted in chip manufacturing, but will come via software. /firmware.
How GoFetch Steals Your Data
GoFetch takes advantage of an overlooked security flaw in Apple processors and, as the name suggests, it is the latest generation of memory-dependent prefetcher (DMP). This preloader is only found in Apple M1, M2, and M3 processors, as well as Intel Raptor Lake processors, although this vulnerability exists for the latter for an unknown reason.
This vulnerability allows memory contents to be loaded into the processor cache before it is necessary. The prefetcher will load the key items into the processor cache with a pointer value used to load other data. Sometimes the DMP confuses the memory contents and loads inappropriate data into the CPU cache, allowing, as we said before, an application to access it.
The biggest problem with this vulnerability affecting new Apple computers is that it completely neutralizes the security effects of constant-time programming (this is a mitigation encryption algorithm designed to prevent cache-related attacks processor). The result is that applications that use GoFetch can “trick” the encryption software by placing sensitive data in the cache, where the application can access it to “steal” it.
This is a very serious vulnerability
As we already mentioned, this vulnerability is quite serious, since it affects all types of encryption algorithms (including the powerful 2048-bit keys used today). But the worst part is that, unfortunately, there seems to be no way to fix this problem at the hardware level, and the only way to mitigate its effects is to resort to software solutions that slow down the encryption and decryption performance of the CPU . Technically, developers could force their encryption software to run only on efficiency cores, which do not have this prefetching.
The only exception is Apple’s latest M3 processor, which is supposed to incorporate some sort of switch that developers can turn on and off to override the prefetcher. However, at the moment, no one knows how much performance will be lost by doing this, and from what we personally know, it could significantly harm performance.
As we mentioned at the beginning, this vulnerability only affects (to our knowledge) Apple M1, M2 and M3 processors, not 13th and 14th generation Intel Core processors, even though they also have a prereading; This shows that this is something that should be fixable at the hardware level, so it is likely that for the next generations of Apple processors (M4?) this will already be fixed.
At the moment, Apple has not released any release date for a solution to the problem, but due to its severity, it is expected that it will not take long.
