New Unpatchable Apple M1 Security Vulnerability Discovered

author avatarIvelin Krastev Hours Posted on Hours Updated on

Before we dive in

Before we dive in, let's make sure you stay safe online. We created SpyHunter because your security matters to us.

Protect your computer today — download SpyHunter right here! Check out our top tips below to keep your computer safe and secure.

Download SpyHunter

A new problem has been found in Apple’s M-series chips, and it’s a big one that can’t be fixed with a simple update. This issue, discovered by researchers and named “GoFetch,” allows cybercriminals to sneak out secret keys that keep our data safe.

This recently discovered vulnerability affects countless devices and shows us that even the most advanced technology can have weaknesses.

Let’s explore what this means for Apple device users and why this discovery is a critical reminder of the ongoing battle between technological advances and the need for solid security.

This Article Contains:

What is the vulnerability?

Apple’s M1, M2, and M3 chips, celebrated for their performance and efficiency, have hit a snag by discovering a critical vulnerability.

new unpatchable security flow apple silicon

This section breaks down the basics of this issue, focusing on the role of Data Memory-Dependent Prefetchers (DMPs) and the specific mechanism through which the app called GoFetch operates.

The basics of DMPs in Apple Silicon-powered Macs

At the heart of this recently discovered vulnerability lies a feature designed to enhance the speed and efficiency of Apple’s chips.

DMPs are hardware optimizations that predict and preload data into the CPU cache before it’s needed. This function is crucial for reducing the wait time between the CPU requesting and receiving data.

However, the recently discovered flaw turns this speed-enhancing feature into a potential security risk.

How does the GoFetch app leak encryption keys?

The GoFetch attack exploits a specific behavior of DMPs that was previously overlooked. Usually, prefetchers predict future memory addresses based on past access patterns without considering the actual data involved.

However, DMPs in Apple’s M1, M2, and M3 chips also examine the data values, treating any that resemble memory addresses as pointers. This is where the vulnerability stems from.

When an attacker manipulates specific data within a cryptographic algorithm to mimic a pointer, the DMP is tricked into treating this “pointer” as a memory address. This erroneous prefetching brings the data to the cache, where its presence and movement can leak sensitive information over cache side channels.

In an email to ArsTechnica, the authors explained:

Prefetchers usually look at addresses of accessed data (ignoring values of accessed data) and try to guess future addresses that might be useful. The DMP is different in this sense as in addition to addresses it also uses the data values in order to make predictions (predict addresses to go to and prefetch). In particular, if a data value “looks like” a pointer, it will be treated as an “address” (where in fact it’s actually not!) and the data from this “address” will be brought to the cache. The arrival of this address into the cache is visible, leaking over cache side channels.

Our attack exploits this fact. We cannot leak encryption keys directly, but what we can do is manipulate intermediate data inside the encryption algorithm to look like a pointer via a chosen input attack. The DMP then sees that the data value “looks like” an address, and brings the data from this “address” into the cache, which leaks the “address.” We don’t care about the data value being prefetched, but the fact that the intermediate data looked like an address is visible via a cache channel and is sufficient to reveal the secret key over time.

By forcing the DMP to misinterpret manipulated data as pointers, attackers can indirectly leak encryption keys directly from the cache, bypassing traditional security measures designed to prevent such breaches.

This mechanism represents a sophisticated exploitation of a hardware feature for malicious purposes, underscoring a significant challenge in balancing performance enhancements with security needs in modern computing devices.

The unpatchable nature of the flaw

This vulnerability stands apart due to its unpatchable nature. It’s rooted deep within the microarchitectural design of Apple’s silicon, meaning it can’t be resolved with a standard software update.

This flaw directly results from Apple’s physical hardware optimizations to boost performance, specifically the data memory-dependent prefetchers (DMPs).

apple silicon unpatchable vulnerability discovered

Fixing this issue outright would require a redesign of the chip’s architecture—a task far beyond the scope of a simple patch.

Apple, along with the broader tech community, is faced with the daunting task of finding workarounds that don’t compromise the celebrated efficiency and speed of Apple silicon.

Potential impact and who’s at risk

The revelation of this flaw has raised alarms about data security across millions of devices. Anyone using a Mac with an M-series chip, from individual consumers to large organizations, is potentially at risk.

The ability to extract secret encryption keys poses a severe threat, potentially allowing attackers to decrypt sensitive data, from personal photos and documents to corporate and financial information.

However, exploiting this vulnerability is not straightforward. It requires specific conditions, such as running a malicious app on the same performance cluster as the targeted cryptography app.

Moreover, Apple’s security measures, like Gatekeeper, which blocks unsigned Mac apps, add a layer of protection.

Navigating Apple’s security measures

Despite the complexity of the GoFetch vulnerability, Apple’s existing security framework, notably Gatekeeper, provides a significant barrier against potential exploits.

The Gatekeeper’s role is to prevent unsigned apps from running on macOS, a measure that drastically reduces the risk of installing a malicious app needed to leverage the vulnerability. However, the effectiveness of Apple’s security measures does not render devices impervious to all threats.

Incorporating third-party security software like SpyHunter for Mac is advisable to bolster your Mac’s defenses further.

remove malware, trojans, and other threats with spyhunter

Through its real-time scanning mechanism, SpyHunter offers comprehensive protection against malware, ransomware, and other threats. It’s designed to complement macOS’s built-in security features, offering an additional layer of security that adapts to emerging threats.

Download SpyHunter and gain peace of mind, knowing your devices have robust protection against the latest cybersecurity threats.

Future outlook and user advice

The discovery of this unpatchable security flaw marks a critical moment for most Apple users, highlighting the need for continuous adaptation in the face of evolving security threats.

Staying informed and exercising caution is the key to navigating this landscape. Here are some tips to help protect your device and data:

  1. Keep Software Updated: Regularly update your macOS and all applications to ensure you have the latest security patches and protections.
  2. Download Wisely: Only download apps from trusted sources, such as the App Store or verified developers, and pay attention to any security prompts from macOS.
  3. Use Reputable Security Software: Installing reputable antivirus software like SpyHunter for Mac can significantly enhance your device’s security. SpyHunter offers real-time protection against malware and other threats. This ensures your system remains secure against the latest vulnerabilities and exploits. SpyHunter will keep it malware-free whether you have a Mac running Apple Silicon or an Intel-based one.

Looking ahead, the tech community remains watchful and ready to respond to new challenges.

For users, the balance between enjoying cutting-edge technology and ensuring data security requires awareness, vigilance, and a proactive approach to cybersecurity.

Conclusion

This new, unpatchable security flaw in Apple’s M-series chips is a stark reminder of the constant battle between advancing technology and ensuring security. As we move forward, staying informed and vigilant is vital. Users should keep their devices updated and be cautious when installing apps from untrusted sources.

The journey towards secure, efficient computing continues, with lessons learned from each challenge.

Share this post on your favorite social media
author avatar

Ivelin is a Mac security expert who works hard to keep computers safe. He helps develop SpyHunter for Mac, a tool that fights off new cyber threats. With a lot of experience, Ivelin knows a lot about keeping Macs safe and makes sure people can use their computers without worry.

Keep Your Mac Fast and Secure
Optimize your Mac and stay malware-free with SpyHunter
Download SpyHunter For Free

For a better understanding of our policies, please review our Free Trial Offer below, EULA, and Privacy/Cookie Policy.

SpyHunter Free Trial: Important Terms & Conditions

The SpyHunter Trial version includes, for one device, a one-time 7-day Trial period for SpyHunter 5 Pro (Windows) or SpyHunter for Mac, offering comprehensive malware detection and removal functionality, high-performance guards to actively protect your system from malware threats, and access to our technical support team via the SpyHunter HelpDesk. You will not be charged upfront during the Trial period, although a credit card is required to activate the Trial. (Prepaid credit cards, debit cards, and gift cards are not accepted under this offer.) The requirement for your payment method is to help ensure continuous, uninterrupted security protection during your transition from a Trial to a paid subscription should you decide to purchase. Your payment method will not be charged a payment amount upfront during the Trial, although authorization requests may be sent to your financial institution to verify that your payment method is valid (such authorization submissions are not requests for charges or fees by EnigmaSoft but, depending upon your payment method and/or your financial institution, may reflect on your account availability). You can cancel your Trial by contacting EnigmaSoft’s payment processor (identified in your confirmation email) or EnigmaSoft directly no later than two business days before the 7-day Trial period expires to avoid a charge coming due and being processed immediately after your Trial expires. If you decide to cancel during your Trial, you will immediately lose access to SpyHunter. If, for any reason, you believe a charge was processed that you did not wish to make (which could occur based on system administration, for example), you may also cancel and receive a full refund for the charge any time within 30 days of the date of the purchase charge. See FAQs.

At the end of the Trial, you will be billed upfront immediately at the price and for the subscription period as set forth in the offering materials and registration/purchase page terms (which are incorporated herein by reference; pricing may vary by country per purchase page details) if you have not timely canceled. Pricing typically starts at $72 for 3 months (SpyHunter Pro Windows) and $42 for 3 months (SpyHunter for Mac). Your purchased subscription will be automatically renewed in accordance with the registration/purchase page terms, which provide for automatic renewals at the then applicable standard subscription fee in effect at the time of your original purchase and for the same subscription time period, provided you’re a continuous, uninterrupted subscription user. Please see the purchase page for details. Trial subject to these Terms, your agreement to EULA/TOS, Privacy/Cookie Policy, and Discount Terms. If you wish to uninstall SpyHunter, learn how.

For payment on the automatic renewal of your subscription, an email reminder will be sent to the email address you provided when you registered before your next payment date. At the onset of your trial, you will receive an activation code that is limited to use for only one Trial and for only one device per account. Your subscription will automatically renew at the price and for the subscription period in accordance with the offering materials and registration/purchase page terms (which are incorporated herein by reference; pricing may vary by country per purchase page details), provided that you are a continuous, uninterrupted subscription user. For paid subscription users, if you cancel, you will continue to have access to your product(s) until the end of your paid subscription period. If you wish to receive a refund for your then current subscription period, you must cancel and apply for a refund within 30 days of your most recent purchase, and you will immediately stop receiving full functionality when your refund is processed.

For CALIFORNIA CONSUMERS, please see the notice provisions:
NOTICE TO CALIFORNIA CONSUMERS: Per the California Automatic Renewal Law, you may cancel a subscription as follows:

  1. Go to www.enigmasoftware.com and click the "Login" button at the top right corner.
  2. Log in with your username and password.
  3. In the navigation menu, go to "Order/Licenses." Next to your order/license, a button is available to cancel your subscription if applicable. Note: If you have multiple orders/products, you will need to cancel them on an individual basis.

Should you have any questions or problems, you can contact our EnigmaSoft support team by phone at +1 (888) 360-0646 (USA Toll-Free) / +353 76 680 3523 (Ireland/International) or by email at support@enigmasoftware.com.
How do you cancel a SpyHunter Trial? If your SpyHunter Trial was registered via MyCommerce, you can cancel the trial via MyCommerce by logging into the MyAccount section of MyCommerce (see your confirmation email for further details). You can also contact MyCommerce by phone or email to cancel. To contact MyCommerce via phone, you can call +1-800-406-4966 (USA Toll-Free) or +1-952-646-5022 (24x7x356). You can contact MyCommerce by e-mail at ordersupport@mycommerce.com. You can easily identify if your trial was registered via MyCommerce by checking the confirmation emails that were sent to you upon registration. Alternatively, all users may also contact EnigmaSoft Limited directly. Users can contact our technical support team by emailing support@enigmasoftware.com, opening a ticket in the SpyHunter HelpDesk, or calling +1 (888) 360-0646 (USA) / +353 76 680 3523 (Ireland/International). You can access the SpyHunter HelpDesk from SpyHunter's main screen. To open a support ticket, click on the "HelpDesk" icon. In the window that appears, click the "New Ticket" tab. Fill out the form and click the "Submit" button. If you are unsure of what "Problem Type" to select, please choose the "General Questions" option. Our support agents will promptly process your request and respond to you.

———

SpyHunter Purchase Details
You also have the choice of subscribing to SpyHunter immediately for full functionality, including malware removal and access to our support department via our HelpDesk, typically starting at $42 for 3 months (SpyHunter Basic Windows) and $42 for 3 months (SpyHunter for Mac) in accordance with the offering materials and registration/purchase page terms (which are incorporated herein by reference; pricing may vary by country per purchase page details). Your subscription will automatically renew at the then applicable standard subscription fee in effect at the time of your original purchase subscription and for the same subscription time period, provided you’re a continuous, uninterrupted subscription user and for which you will receive a notice of upcoming charges before the expiration of your subscription. Purchase of SpyHunter is subject to the terms and conditions on the purchase page, EULA/TOS, Privacy/Cookie Policy and Discount Terms.

———

General Terms
Any purchase for SpyHunter under a discounted price is valid for the offered discounted subscription term. After that, the then applicable standard pricing will apply for automatic renewals and/or future purchases. Pricing is subject to change, although we will notify you in advance of price changes.
All SpyHunter versions are subject to your agreeing to our EULA/TOS, Privacy/Cookie Policy, and Discount Terms. Please also see our FAQs and Threat Assessment Criteria. If you wish to uninstall SpyHunter, learn how.