New Apple Silicon Vulnerability Allows Attackers to Access User Data

A new vulnerability has been discovered in Apple silicon chips that could potentially allow an attacker to access a user’s data by stealing cryptographic keys. While a fix is possible, it would heavily impact encryption performance.

Security researchers have discovered a security flaw in Apple’s M-series chips used in the company’s Mac, iPad, and Vision Pro devices affecting how the chips deal with cryptographic operations, such as those used in encrypting files. The issue is in the chip’s architectural design, making it tough to fix.

As reported by Ars Technica, a group of researchers found the issue in the chip’s data memory-dependent prefetcher (DMP). This prefetcher predicts the memory addresses of data that will most likely be accessed by currently running code. An attacker could use malicious code to influence the data being prefetched, possibly allowing them to access sensitive data.

The flaw, a side channel allowing end-to-end key extractions when Apple chips run implementations of widely used cryptographic protocols, can’t be patched directly because it stems from the microarchitectural design of the silicon itself. Instead, it can only be mitigated by building defenses into third-party cryptographic software that could drastically degrade M-series performance when executing cryptographic operations, particularly on the earlier M1 and M2 generations. The vulnerability can be exploited when the targeted cryptographic operation and the malicious application with normal user system privileges run on the same CPU cluster.

GoFetch

The attack, dubbed “GoFetch” by the researchers, takes advantage of how Apple silicon uses its DMP, and of how a DMP can confuse the content of memory with pointer values used to load more data. The researchers say GoFetch is a microarchitectural side-channel attack that can extract secret keys from constant-time cryptographic implementations via data memory-dependent prefetchers (DMPs). The attacks can be performed over and over, revealing the key over time.

Using a custom-built macOS testing app, the researchers were able to extract a 2,048-bit RSA key in under an hour. It took just a little over two hours to extract a 2,048-bit Diffie-Hellman key, and ten hours were required to crack a Dilithium-2 key.

The GoFetch attack doesn’t require root access and uses the same user privileges enjoyed by other third-party apps. It must be run on the same chip cluster as the cryptographic target app to work properly, and both must use the performance or efficiency cores simultaneously.

The researchers say the attack works against both classic and quantum-hardened encryption algorithms.

Unfortunately, the attack cannot be defended against with a patch in Apple silicon itself but instead requires developers of cryptographic software to work around the problem.

Also, unfortunately, any mitigation to guard against an attack increases the processor cycles needed to perform the operations, heavily impacting performance.

Another option concerns Apple’s latest M3 chips, which have a special bit that can be flipped to disable DMP. The performance hit that would occur by doing this is unknown.
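The Python model below is an added example, not code from the researchers, Apple, or the original article. It shows why a constant-time routine can still leave a secret-dependent cache footprint when a prefetcher inspects data values, and why the two mitigations described above (disabling the DMP, or a software defense) remove that footprint. The pointer range, the addresses, and the value-masking defense are assumptions of this simplified model.

```python
import secrets

LINE = 64                                    # cache line size in bytes (model value)
PTR_LO, PTR_HI = 0x1000_0000, 0x1FFF_FFFF    # assumed range the DMP treats as pointers
MASK64 = (1 << 64) - 1
SCRATCH = 0x2000                             # fixed scratch address (constructed)
PROBE_WORD = 0x1234_5000                     # pointer-looking input word (constructed)


class ToyCore:
    """Constructed model: a cache plus a prefetcher that inspects data values."""

    def __init__(self, dmp_enabled=True):
        self.dmp_enabled = dmp_enabled
        self.cached = set()                  # indices of cache lines currently present

    def touch(self, addr, value):
        """Model one memory access to addr whose data word is value."""
        self.cached.add(addr // LINE)
        # DMP step: a value that looks like a pointer has its target prefetched.
        if self.dmp_enabled and PTR_LO <= value <= PTR_HI:
            self.cached.add(value // LINE)


def ct_select(core, secret_bit, word, blind=False):
    """Branch-free select: same operations and addresses for either secret bit."""
    out = word & (-secret_bit & MASK64)      # mask is all ones or all zeros
    if blind:
        # Assumed software defence: memory only ever holds two masked shares.
        # The forced top bit keeps this toy deterministic (shares never in range).
        r = secrets.randbits(64) | (1 << 63)
        core.touch(SCRATCH, out ^ r)
        core.touch(SCRATCH + LINE, r)
    else:
        core.touch(SCRATCH, out)             # the secret-dependent value hits memory
    return out


def cache_signal(secret_bit, dmp_enabled=True, blind=False):
    """True if the line PROBE_WORD points at was cached as a side effect."""
    core = ToyCore(dmp_enabled)
    ct_select(core, secret_bit, PROBE_WORD, blind)
    return PROBE_WORD // LINE in core.cached


if __name__ == "__main__":
    for cfg in ({}, {"dmp_enabled": False}, {"blind": True}):
        print(cfg or "baseline", [cache_signal(b, **cfg) for b in (0, 1)])
```

In the baseline the cache state differs between secret bit 0 and 1 even though the routine has no secret-dependent branch or address; with the DMP off or the value masked, both bits produce the same state. The masked variant does roughly twice the memory work, which mirrors the performance cost the article describes.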

While Apple has declined to comment on the matter, researchers say they disclosed the issue to Apple before telling the public, informing the company in early December 2023.

Real World Risks Low

The real-world risks of this attack are low for day-to-day users. A bad actor would need to first trick a user into downloading a malicious, unsigned app. Unsigned apps are blocked in macOS by default.

Also, the time required to carry out an attack in testing by researchers varied from 54 minutes to 10 hours, so the app needs to run for an extended amount of time.

The most likely long-term resolution to the vulnerability is for Apple to address the flaw in the DMP implementation in future M-series chips.
