Researchers have discovered a new unpatchable security flaw that can break encryption on the best MacBooks if exploited by an attacker.
As reported by 9To5Mac, this recently discovered vulnerability affects every Mac running Apple silicon including the company’s M1, M2 and M3 chips. To make matters worse, the flaw is present in the architecture of these chips which means there’s no way for Apple to fix it outright. Instead, any fixes will need to be made before the iPhone maker releases its M4 chips later this year.
Just like with last year’s iLeakage attack, this flaw is also a side channel that can allow for the end-to-end keys used in encryption to be extracted by an attacker given the right circumstances. Fortunately though, exploiting this vulnerability is fairly difficult for an attacker as doing so can take a considerable amount of time.
Whether you have one of Apple’s recently released MacBook Air M3 models or an older MacBook Pro with an M1 chip from back in 2020, here’s everything you need to know about this unpatchable security flaw along with a few tips on how to protect yourself.
Exploiting this vulnerability using GoFetch
This new vulnerability was discovered by a team of seven academic researchers from universities across the U.S. who detailed their findings in a research paper (PDF) about microarchitectural side-channel attacks.
To show how this flaw could be exploited by attackers, they created an app called GoFetch which doesn’t require root access according to Ars Technica. Instead, it only requires the same user privileges used by most third-party Mac apps.
For those unfamiliar with Apple’s M-series chips, they are all divided into clusters which house their different cores. If the GoFetch app and the cryptography app being targeted by an attacker are running on the same performance cluster, GoFetch will be able to mine enough secrets to leak a secret key.
It’s all a bit technical; I suggest reading Ars Technica’s report for a deeper dive but essentially, this unpatchable vulnerability is bad news for Apple but it likely won’t affect you in nearly the same way that the Meltdown and Spectre flaws did for PC users.
Patching will have a hit on performance
Since this flaw exists in Apple’s chips themselves and not in its software, patching it won’t be possible. The iPhone maker would instead have to release brand new chips to completely fix it.
Since the vulnerability is unpatchable, the researchers who discovered it suggest that the best Apple could do is to implement workarounds to address it in the company’s M1, M2 and M3 chips.
These workarounds would be on the software side and cryptographic software developers would need to add a mitigation like ciphertext blinding which adds or removes masks to sensitive values — like the ones used in encryption keys – before/after they are stored to or loaded from memory.
The big problem here though is that implementing something like this would result in a serious hit on performance, which is the last thing most Apple users would want. Thankfully though, exploiting this vulnerability isn’t that easy to do.
Why you shouldn’t be too worried
In order to use this unpatchable vulnerability in one of their attacks, a hacker would first need to trick an unsuspecting Mac user into installing a malicious app on their computer. Apple blocks unsigned apps by default in macOS with Gatekeeper, which would make installing the malicious app needed to pull off an attack much more difficult.
From here, this attack takes quite a bit of time to be carried out. In fact, during their tests, the researchers noted that it took anywhere from close to an hour to 10 hours to do so during which time, the malicious app would need to be running continuously.
While we haven’t heard anything from Apple regarding this unpatchable vulnerability yet, we’ll update this piece when and if we do. Until then, the researchers recommend keeping all of the software on your Apple silicon-powered Macs up to date and installing regular updates from Apple as soon as they become available.
