Unpatchable" Vulnerability Found in Apple's M-Series Chips Amid Antitrust Lawsuit
Summary:
A recent study has uncovered a significant, "unpatchable" vulnerability in Apple's M-series chips that could potentially enable malicious entities to access confidential encryption keys on Mac devices. The flaw, deeply rooted in the chip's microarchitectural design, could impact the industry's faith in Apple's hardware security framework. In the midst of this revelation, Apple is also facing an extensive antitrust lawsuit from the U.S. Department of Justice over alleged unfair competition practices.
A new study uncovered a significant weakness in Apple's M-series chips, which could potentially allow malicious entities to gain access to confidential encryption keys on Mac devices. The study, released on March 21 by a team of scholars from various American universities, named the weakness as a side-channel vulnerability that can let cybercriminals secretly acquire end-to-end encryption keys while Apple's chips are running typically used cryptographic protocols. Unlike standard vulnerabilities that could be fixed with straightforward patches, this specific problem deeply stems from the microarchitectural design of the silicon itself, making it "unpatchable." To effectively resolve this defect, the use of independent cryptographic software would be essential, possibly severely impacting the efficiency of the M-series chips, particularly earlier models like the M1 and M2 chips. This discovery exposes a significant shortcoming and hurdle in Apple's hardware security framework. If exploited, hackers could intercept and manipulate memory access patterns to retrieve sensitive data like encryption keys used by cryptographic applications. The scholars named this form of hack a "GoFetch" exploit. This hack works flawlessly within the user's environment and only requires ordinary user permissions, similar to those necessary for common applications. Once the study became public, Mac users on online forums started questioning whether there is cause for grave concern or required action pertaining to password keychains. One user stated their belief that Apple would handle the issue within their OS itself โ if not, they would be "more concerned." Another user pointed out that this flaw has been familiar to Apple for some time and could be why Apple's M3 has an "extra instruction to disable DMP." The user mentioned the prior investigation on the subject was named an "augury" and goes back to 2022. This revelation coincides with Apple being embroiled in a comprehensive antitrust lawsuit with the U.S. Department of Justice (DOJ), which alleges that its app store policies and "monopoly" unlawfully restrained competition and stifled innovation. The DOJ also accused Apple of restricting access to competing digital wallets that offer an array of enhanced features while preventing developers from providing their payment services to users.
Published At
3/22/2024 11:47:04 AM
Disclaimer: Algoine does not endorse any content or product on this page. Readers should conduct their own research before taking any actions related to the asset, company, or any information in this article and assume full responsibility for their decisions. This article should not be considered as investment advice. Our news is prepared with AI support.
Do you suspect this content may be misleading, incomplete, or inappropriate in any way, requiring modification or removal?
We appreciate your report.