Apple Faces Major Security Flaw in M-Series Chips, User Data at Risk
Apple recently encountered a significant security vulnerability that impacted the security of its in-house chips. According to security experts, this flaw was found within Apple’s Apple Silicon chips, potentially exploitable by hackers to access user data, leading to risks of personal privacy breach and data security compromise. Experts mentioned that while the vulnerability could be mitigated, the process of fixing it might heavily impact the chip’s performance, posing a challenge for both users and Apple.
The flaw resides in the chip’s Data Memory-Dependent Prefetcher (DMP) component, part of the memory system responsible for predicting the memory address where the most likely accessed data by the current code lies. Hackers could exploit this flaw to obtain encryption keys, enabling them to access sensitive user data. This type of attack has been termed “GoFetch” by experts.
The attack’s principle involves hackers disguising data as a pointer, tricking the DMP into caching the data. While this attack may not immediately break encryption keys, hackers could eventually obtain the keys through repeated attempts. What is most concerning is that the user privileges required for this attack are similar to many other third-party macOS applications, not needing root access, thus lowering the bar for executing the attack.
Researcher tests revealed that their application could extract a 2048-bit RSA key within less than an hour, and a 2048-bit Diffie-Hellman key in just over two hours. However, due to the core nature of this flaw within Apple Silicon chips, a full fix is not immediately achievable. Any deployed mitigation measures could potentially increase the workload required for operations, thus affecting performance.
To address this issue, both Apple and security experts are diligently seeking solutions to ensure the security and privacy protection of user data. Nonetheless, the process of fixing the flaw may require a delicate balance between performance and security, particularly crucial for Apple devices using the M-series chips.
Despite this security vulnerability, in order to safeguard user privacy and data security, Apple will need to take necessary measures to mitigate risks. This might involve enhancing defense mechanisms in third-party encryption software, but careful consideration is needed for the impact of these measures on chip performance, especially for early M1 and M2 series chips.
Disclaimer: The above content is compiled from online sources for educational purposes only. If there are any content or copyright issues, please leave a message for us to address accordingly.