A new vulnerability in Apple’s M-series chips poses a significant risk, allowing attackers to extract secret keys from Macs when they perform widely used cryptographic operations. Unlike conventional vulnerabilities that can be remedied through direct patches, this particular issue is deeply rooted in the microarchitectural design of the silicon itself, making it “unpatchable.”
The vulnerability resides in the chips’ data-memory-dependent prefetcher (DMP). This hardware optimization predicts and loads data into the CPU cache before it’s needed. The optimization improves memory and CPU performance, but it also introduces a security risk that lets malicious software steal cryptographic keys.
Researchers discovered that Apple’s DMPs sometimes confuse memory content, such as key material, with pointer values used to load other data. This “dereferencing” of “pointers” violates the constant-time paradigm, a programming approach designed to prevent side-channel attacks by ensuring that all operations take the same amount of time to complete, regardless of their operands.
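The following toy model is an added example, not code from the researchers or from Apple. It shows why a constant-time routine can still leave a key-dependent cache footprint once a prefetcher acts on data values. The address range, the "pointer-shaped" test and both keys are constructed assumptions; the real DMP's activation rules are not described on this page.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Toy model, not Apple's real prefetcher: all constants are constructed. */
#define MAP_BASE 0x100000000ULL      /* assumed start of mapped memory */
#define MAP_SIZE 0x10000ULL          /* assumed size of mapped memory  */
#define LINE     64ULL               /* cache line size in the model   */
static bool cached[MAP_SIZE / LINE]; /* lines the model has loaded     */

/* Constant-time compare: no early exit, same reads for every key. */
static int ct_equal(const uint64_t *key, const uint64_t *guess, size_t n) {
    uint64_t diff = 0;
    for (size_t i = 0; i < n; i++) diff |= key[i] ^ guess[i];
    return diff == 0;
}

/* Model assumption: a word is treated as a pointer if it falls in the map. */
static bool looks_like_pointer(uint64_t w) {
    return w >= MAP_BASE && w < MAP_BASE + MAP_SIZE;
}

/* Prefetcher model: loads the line named by any pointer-shaped word read. */
static size_t dmp_scan(const uint64_t *data, size_t n) {
    size_t loaded = 0;
    for (size_t i = 0; i < n; i++) {
        if (!looks_like_pointer(data[i])) continue;
        size_t line = (size_t)((data[i] - MAP_BASE) / LINE);
        if (!cached[line]) { cached[line] = true; loaded++; }
    }
    return loaded;
}

/* Constructed 4-word keys: only KEY_B contains a pointer-shaped word. */
static const uint64_t KEY_A[4] = {0x0123456789abcdefULL, 1, 2, 3};
static const uint64_t KEY_B[4] = {0x0123456789abcdefULL, MAP_BASE + 0x1240, 2, 3};

/* Clears the cache, compares one key, returns the lines the model loaded. */
static size_t lines_loaded_for(const uint64_t *key) {
    const uint64_t guess[4] = {0};
    for (size_t i = 0; i < MAP_SIZE / LINE; i++) cached[i] = false;
    (void)ct_equal(key, guess, 4);   /* identical code path for both keys */
    return dmp_scan(key, 4);
}

int main(void) {
    printf("KEY_A: %zu lines, KEY_B: %zu lines\n",
           lines_loaded_for(KEY_A), lines_loaded_for(KEY_B));
    return 0;
}
```

The compare executes the same instructions and reads the same addresses for both keys, yet the modelled cache ends up different because the prefetcher reacted to the key's contents rather than to anything the code did.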
The vulnerability can only be mitigated by building defenses into third-party cryptographic software, which could significantly degrade the performance of M-series chips, particularly the earlier M1 and M2 generations when executing cryptographic operations.
The vulnerability can be exploited when the targeted cryptographic operation and the malicious application run on a system with normal user privileges.