Unpatchable Apple Silicon vulnerability could leak encryption keys

In brief: Hardware-based security flaws have become more frequent over the last several years but have mostly affected Intel and AMD processors. Now, Apple joins those ranks with a recently discovered vulnerability that causes Mac M-series CPUs to expose encryption keys. Since it is hardware-based, there is little users can do besides keeping macOS updated.

A recently published paper describes a flaw primarily affecting Apple Silicon that allows attackers to circumvent end-to-end encryption through a side-channel attack on the company's devices. Anyone developing encryption software for Macs likely needs to rethink their security procedures.

The security analysts confirmed the exploit, dubbed GoFetch, works on M1 CPUs and speculate that it likely also impacts M2 and M3 chips and their Pro and Max variants. Intel's 13th-generation Raptor Lake processors also exhibit the flaw that enables GoFetch but are probably unaffected.

The problem lies with the data memory-dependent prefetcher (DMP) – a CPU feature that improves performance by pulling pre-cached data based on predictions. Constant-time programming, which strictly controls the speed of a system's operations, would typically protect against side-channel attacks. Unfortunately, the DMP breaks the feature, hobbling a vital security layer.

The researchers told Ars Technica that GoFetch manipulates the DMP into leaking enough data into the cache over time for an attacker to determine an end-to-end encryption key. All that users can do to mitigate GoFetch is to keep their Macs updated. Cryptographic library developers have a few options, but they come with drawbacks.

The nuclear option would be to disable DMP entirely, but this only works on M3 processors and significantly impacts performance. Alternatively, developers could run encryption entirely on Icestorm cores – Apple's equivalent to Intel's efficiency cores – which don't run DMP, but this also incurs a sizable performance penalty. The same is true of another possible solution – input blinding.

Ultimately, limiting who can access a piece of hardware is the best solution. In the long term, software should gain the ability to control whether and how it uses DMP. The researchers notified Apple of the problem late last year, but the company has not publicly commented. The researchers plan to release the proof-of-concept code soon.

The situation recalls the substantial vulnerabilities that have affected numerous CPUs in recent years, such as Spectre, Meltdown, Zenbleed, and Downfall. Researchers previously discovered the PACMAN flaw in M1 CPUs and iLeakage, which can leak sensitive data from M-series and A-series chips – affecting macOS and iOS devices.