A newly identified security flaw in Apple‘s Mac and MacBook computers poses a significant threat worldwide, as it cannot be remedied with a software update.
This flaw was uncovered by academic researchers and initially reported by Ars Technica. It affects Apple’s latest Silicon M-Series chipsets, which includes models such as the M1, M2, and M3 found in MacBooks and Macs released from late 2020 onwards.
The vulnerability centers on a component known as prefetchers, which are designed to improve processing speed by preemptively fetching data. Unfortunately, these prefetchers create an opportunity for cybercriminals to launch attacks.
The attack, called as “GoFetch” by the researchers, is a sophisticated technique that can extract secret cryptographic keys through the exploitation of data memory-dependent prefetchers (DMPs). These DMPs differ from standard prefetchers because they utilize data values to predict future data addresses, inadvertently treating some non-address data as pointers, leading to unintended data being cached. This process, when manipulated, can reveal sensitive information like encryption keys through side-channel attacks, which exploit indirect information leaks caused by a computer system’s structure.
See also: How to check if your MacBook is new or refurbished
For instance, the researchers demonstrated that an attacker could extract a 2048-bit RSA encryption key in less than an hour using this method.
One of the most concerning aspects of this vulnerability is that it is deemed “unpatchable.” The flaw is embedded within the microarchitectural design of the chipset itself, and any attempt to mitigate the issue would significantly impair the performance of the M-series chips.
Apple was informed of these findings by the researchers on December 5, 2023. After waiting 107 days without a resolution, the researchers decided to make their discovery public.