How secure are Apple’s latest computers? According to several researchers, they are far from perfect.
You’ve heard it a thousand times: a Mac is better protected than a PC. In truth, this statement must be put into perspective, because any device, Apple-branded or not, can fall victim to a malicious actor who targets it.
Admittedly, macOS goes to great lengths to protect its users, for example by alerting them when an unsigned program is being installed. However, a recent discovery shows that, despite their solid reputation, Apple’s products are not free from some fairly dangerous vulnerabilities.
A careless mistake with serious consequences
Are you using a MacBook, iMac or any other Mac equipped with an M1, M2 or M3 processor? If so, you had better be more careful than ever when installing a new application, because your computer has a serious weakness. Its chips are subject to a bug that is difficult to correct, at least according to several researchers.
These researchers, from several universities, discovered a flaw in the Data Memory-dependent Prefetchers (DMP) of Apple Silicon chips. This mechanism is responsible for predicting “the memory addresses of data that the running code is likely to access in the near future”, explains Ars Technica. By storing this information in the CPU cache, it reduces the latency between the CPU and main memory, thereby improving performance.
Problem: data that is supposed to be stored this way can sometimes be confused with other data that shouldn’t be, such as encryption keys. This makes those keys potentially readable by a malicious program, especially if that program and the application using the encrypted information are executed on the same cluster of P-Cores (Performance-Cores). The researchers demonstrated all of this with a program they called “GoFetch”.
The team’s results are impressive: they are able to reconstruct a key in one to ten hours, depending on the encryption technology used. Worse still, GoFetch does not need to ask the targeted program to perform specific operations, which makes it relatively unobtrusive. A perfect weapon that Apple cannot really counter, since this vulnerability comes from the microarchitectural design of the processor itself.
Solutions far from perfect
For their part, developers have alternatives to protect themselves against GoFetch or other similar programs: running their applications only on E-Cores (Efficient-Cores), which are less powerful but above all less sensitive to this DMP-related bug, or making the encryption algorithm more random. In both cases, users could face a drastic drop in performance, with countermeasures potentially doubling the resources required for the most complex encryption operations, particularly in the case of Diffie-Hellman key exchanges.
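One way to read “making the encryption algorithm more random” is input blinding, shown here for a Diffie-Hellman shared-secret computation. This is an added example, not code from the researchers or from Apple; the modulus, function names and call counter are constructed for illustration, and equating “more random” with blinding is an assumption.

```python
import secrets

# Toy modulus constructed for this example (2**255 - 19 is prime). It is not
# a vetted Diffie-Hellman group, and Python's pow() is not constant-time.
P = 2**255 - 19
MODEXP_CALLS = 0  # hypothetical counter, used to show the cost of blinding


def modexp(base, exp):
    """Modular exponentiation that records how many times it was called."""
    global MODEXP_CALLS
    MODEXP_CALLS += 1
    return pow(base, exp, P)


def check_peer(peer_pub):
    """Reject trivial peer values before the secret exponent touches them."""
    if not 1 < peer_pub < P - 1:
        raise ValueError("peer public value out of range")


def shared_plain(peer_pub, x):
    """Unblinded: the secret exponent x acts directly on a peer-chosen value."""
    check_peer(peer_pub)
    return modexp(peer_pub, x)


def shared_blinded(peer_pub, x):
    """Blinded: every intermediate value depends on a fresh secret mask r."""
    check_peer(peer_pub)
    r = secrets.randbelow(P - 3) + 2         # fresh mask in [2, P-2]
    masked = (peer_pub * r) % P              # the peer cannot predict this
    s_masked = modexp(masked, x)             # (peer_pub * r)^x
    unmask = modexp(pow(r, -1, P), x)        # r^(-x): the second exponentiation
    return (s_masked * unmask) % P           # equals peer_pub^x mod P


def cost(fn, peer_pub, x):
    """Return (result, number of modular exponentiations used)."""
    global MODEXP_CALLS
    MODEXP_CALLS = 0
    result = fn(peer_pub, x)
    return result, MODEXP_CALLS
```

Both functions return the same shared secret, but the blinded version needs two exponentiations instead of one, which is where a doubling of cost for Diffie-Hellman comes from.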
Before you throw away your MacBook Air M3 15″ or give it to your nephew to replace his iPad, know that the risks are considered low by Apple. This is not the first DMP-related vulnerability that has been brought to its attention, and the firm has decided not to do anything about it, at least for the moment. On the one hand, the impact on performance would not yet be justifiable, since the probability of a massive attack still seems low.
On the other hand, a malicious actor would have to persuade victims to install the GoFetch-type program themselves, and that program would logically not be signed by Apple and would therefore be blocked by default. At this point, we are typically in a situation where it is up to the user to be very careful about what they download.
This does not mean that the Californian company is exempt from correcting this vulnerability, far from it. But, in the meantime, know that you have some control to protect yourself against this type of attack. If you are unsure about a program you want to install, an Internet search can usually answer your questions. And, finally, a good antivirus will be able to help you sleep soundly, even with a Mac.
Source: Ars Technica