New research conducted by a group of academic researchers from various US universities has uncovered a significant vulnerability in Apple’s M-series chips. This flaw could potentially give malicious individuals unauthorized access to confidential encryption keys stored on Mac devices. The vulnerability, known as a side channel exploit, allows hackers to obtain end-to-end encryption keys when Apple chips execute commonly used cryptographic protocols. What makes this particular issue troublesome is that it cannot be fixed through direct patches, as it is rooted in the microarchitectural design of the silicon itself. This makes it essentially “unpatchable.”
To address this flaw, third-party cryptographic software would need to be used, but this could severely impact the performance of Apple’s M-series chips, especially earlier iterations like the M1 and M2 chips. These findings expose a significant flaw in Apple’s hardware security infrastructure. If exploited, hackers could intercept and exploit memory access patterns to extract sensitive information such as encryption keys used by cryptographic applications. The researchers have labeled this type of hack as a “GoFetch” exploit, which operates smoothly within the user environment and only requires standard user privileges.
Following the publication of this research, users in online Mac forums have expressed concerns and raised questions about whether they should be worried and what actions need to be taken, particularly regarding password keychains. Some users believe that Apple will address the issue directly through their operating system, while others argue that Apple has been aware of this flaw for some time, citing an instruction to disable DMP in the M3 chip as evidence. They mention previous research on this topic dating back to 2022.
Interestingly, these findings emerge within the context of Apple’s ongoing antitrust lawsuit with the US Department of Justice (DOJ). The DOJ alleges that Apple’s app store rules and alleged “monopoly” have hindered competition and stifled innovation. Apple has been accused of blocking access to competing digital wallets and preventing developers from offering their own payment services to users, further complicating its legal situation.
