[ad_1]
\n<\/p>\n
A team of university security researchers has found a chip-level exploit in Apple Silicon Macs<\/a>. The group says<\/a> the flaw can bypass the computer\u2019s encryption and access its security keys, exposing the Mac\u2019s private data to hackers. The silver lining is the exploit would require you to circumvent Apple\u2019s Gatekeeper protections<\/a>, install a malicious app and then let the software run for as long as 10 hours (along with a host of other complex conditions), which reduces the odds you\u2019ll have to worry about the threat in the real world.<\/p>\n The exploit originates in a part of Apple\u2019s M-series chips called Data Memory-Dependent Prefetchers (DMPs). DMPs make the processors more efficient by preemptively caching data. The DMPs treat data patterns as directions, using them to guess what information they need to access next. This reduces turnarounds and helps lead to reactions like \u201cseriously fast,\u201d often used to describe Apple Silicon<\/a>.<\/p>\n The researchers discovered that attackers can use the DMP to bypass encryption. \u201cThrough new reverse engineering, we find that the DMP activates on behalf of potentially any program, and attempts to dereference any data brought into cache that resembles a pointer,\u201d the researchers wrote. (\u201cPointers\u201d are addresses or directions signaling where to find specific data.) \u201cThis behavior places a significant amount of program data at risk.\u201d<\/p>\n \u201cThis paper shows that the security threat from DMPs is significantly worse than previously thought and demonstrates the first end-to-end attacks on security-critical software using the Apple m-series DMP,\u201d the group wrote.<\/p>\n The researchers named the attack GoFetch, and they created an app that can access a Mac\u2019s secure data without even requiring root access. Ars Technica<\/em> Security Editor Dan Goodin explains<\/a>, \u201cM-series chips are divided into what are known as clusters. The M1, for example, has two clusters: one containing four efficiency cores and the other four performance cores. As long as the GoFetch app and the targeted cryptography app are running on the same performance cluster\u2014even when on separate cores within that cluster \u2014 GoFetch can mine enough secrets to leak a secret key.\u201d<\/p>\n The details are highly technical, but Ars Technica\u2019s write-up<\/em><\/a> is worth a read if you want to venture much further into the weeds.<\/p>\n But there are two key takeaways for the layperson: Apple can\u2019t do much to fix existing chips with software updates (at least without significantly slowing down Apple Silicon\u2019s trademark performance<\/a>), and as long as you have Apple\u2019s Gatekeeper turned on (the default), you won\u2019t likely install malicious apps in the first place. Gatekeeper only allows apps from the Mac App Store and non-App Store installations from Apple registered developers. (You may want to be extra cautious when manually approving apps from unregistered developers in macOS security settings.) If you don\u2019t install malicious apps outside those confines, the odds appear quite low this will ever affect your M-series Mac.<\/p>\n<\/div>\n