0

    ‘Unpatchable’ flaw in Apple M-series chip may allow access to encrypted data

    2024.03.22 | exchangesranking | 246onlookers
    25cc9d4a>

    New findings from academics revealed a severe vulnerability in Apple’s M-series chips, which could potentially enable malevolent actors the ability to access confidential encryption keys from Mac devices. 

    The report, published on March 21 by a group of researchers from multiple United States-based universities, identified the vulnerability as a side channel exploit, which allows hackers to illicitly obtain end-to-end encryption keys when Apple chips execute commonly used cryptographic protocols.

    However, unlike conventional vulnerabilities that can be remedied through direct patches, this particular issue is deeply rooted in the microarchitectural design of the silicon itself, calling it “unpatchable.”

    In order to properly address the flaw, third-party cryptographic software would need to be utilized and could severely hamper the performance of the Apple M-series chips, particularly the earlier iterations such as the M1 and M2 chips.

    These findings highlight a major flaw and challenge for Apple’s hardware security infrastructure. If exploited, hackers could intercept and exploit memory access patterns to extract sensitive information such as encryption keys utilized by cryptographic applications.

    Related: Apple co-founder wins against YouTube in Bitcoin scam lawsuit

    The researchers labeled this type of hack a “GoFetch” exploit. The hack functions seamlessly within the user environment and requires only standard user privileges, similar to those needed by regular applications.

    After the research surfaced users in online mac forums began to question whether or not there is now cause for major concern or necessary action regarding password keychains.

    One user said they believed that Apple will mitigate the problem within their OS directly — if not, they will be “more worried.”

    A Mac user shares their concerns on the MacRumors website. Source: Seek3r on MacRumors

    Another user said this flaw has been known to Apple for a while and pointed out that it could be why Apple’s M3 has “an added instruction to disable DMP.” The user said the previous research on the topic was called an “augury” and dates back to 2022. 

    This finding comes as Apple finds itself in an extensive antitrust lawsuit with the U.S. Department of Justice (DOJ), which claims its app store rules and “monopoly” illegally throttled competition and suffocated innovation.

    The DOJ has also alleged that Apple severed access to competing digital wallets which provide a “wide variety of enhanced features,” while blocking developers from providing their own payment services to users.

    Magazine: Why boomers ‘like’ AI pics on Facebook, mind-reading AI breakthrough: AI Eye

    The content on this website comes from the Internet. Due to the inconvenience of proofreading the authenticity and accuracy of the copyright or content of some content, it may be temporarily impossible to confirm the authenticity and accuracy of the copyright or content. For copyright issues or other ssues caused by this, please Call or email this site. It will be deleted or changed immediately after verification.