Apple silicon has transformed the Mac since the M1's introduction and that continued with the M2 and the latest M3, the chip that powers the latest MacBook Air and other best MacBooks. It brought with it a level of performance and battery life that was previously not possible when using Intel's chips and the fluidity of the chipmaker's roadmap made it difficult to plan products around. But while the M-series chips have been a revelation, they aren't perfect as news of a newly found security flaw proves.
The flaw, which just so happens to be unpatchable, has the potential to open the doors to Mac's encryption keys. That's bad news for anyone who values their privacy and security, although there is a discussion to be had about just how much of a problem the flaw really is. What we do know is that the flaw is real, however, and it's present in all M1, M2, and M3 Macs as well as potentially future models as well.
This isn't the first Apple silicon security flaw of course, but any new flaw is sure to be a thorn in the side of Apple's much-flaunted silicon team.
The flaw was first reported by ArsTechnica and the outlet explains that the issue comes thanks to the way that modern chips, like the M-series, process information. The Dara Memory-dependent Prefetchers (DMP) are used to optimize the performance of chips and are actually an expansion of prefetchers that have been around for years.
"The threat resides in the chips data memory-dependent prefetcher, a hardware optimization that predicts the memory addresses of data that running code is likely to access in the near future," Ars explains. "By loading the contents into the CPU cache before its actually needed, the DMP, as the feature is abbreviated, reduces latency between the main memory and the CPU, a common bottleneck in modern computing."
But researchers have spotted a bug in the DMP which, because of the nature of the beast, cannot be fixed. A workaround could be done via software, but it'll likely have a notable impact on performance when performing cryptographic tasks.
Researchers say that "prefetchers usually look at addresses of accessed data (ignoring values of accessed data) and try to guess future addresses that might be useful. The DMP is different in this sense as in addition to addresses it also uses the data values in order to make predictions (predict addresses to go to and prefetch). In particular, if a data value 'looks like' a pointer, it will be treated as an 'address' (where in fact it's actually not!) and the data from this address will be brought to the cache. The arrival of this address into the cache is visible, leaking over cache side channels." It's the leaking that the researchers have been able to use when developing their attack on the system.
iMore offers spot-on advice and guidance from our team of experts, with decades of Apple device experience to lean on. Learn more with iMore!
"We cannot leak encryption keys directly, but what we can do is manipulate intermediate data inside the encryption algorithm to look like a pointer via a chosen input attack," the researchers told Ars via email. "The DMP then sees that the data value 'looks like' an address, and brings the data from this 'address' into the cache, which leaks the 'address.' We dont care about the data value being prefetched, but the fact that the intermediate data looked like an address is visible via a cache channel and is sufficient to reveal the secret key over time.
However, as problematic as this might be, it's unlikely to be an issue for the vast majority of people. The tool the researchers created as a proof of concept requires a little less than an hour to do its work, and that's to extract a 2048-bit RSA key. The stronger the key, the more time is required all the way to around 10 hours for a Dilithium-2 key. That means people would need to unwittingly download and run an unknown app and then have it running for around an hour before there would be any chance of anything being extracted. And considering most Macs are configured not to run apps that have not been signed by Apple by default, that's even less likely to happen.
Here is the original post:
New Apple silicon security flaw could allow the extraction of encryption keys, but don't dust down that old Intel Mac just yet - iMore