Security News > 2024 > March > Hardware-level Apple Silicon vulnerability can leak cryptographic keys

Hardware-level Apple Silicon vulnerability can leak cryptographic keys
2024-03-22 15:03

Apple is having its own Meltdown/Spectre moment with a new side-channel vulnerability found in the architecture of Apple Silicon processors that gives malicious apps the ability to extract cryptographic keys.

"We reverse-engineered DMPs on Apple m-series CPUs and found that the DMP activates data loaded from memory that 'looks like' a pointer," the team say in the paper.

Similar vulnerabilities were reported in Apple Silicon chips a few years back under the name "Augury," but the GoFetch researchers note Augury's analysis of DMP was "Overly restrictive" and "Missed several DMP activation scenarios."

The researchers were able to successfully mount end-to-end attacks on Apple hardware containing M1 processors, and found that base-model M2 and M3 Apple Silicon CPUs display similar exploitable behavior.

"We want to thank the researchers for their collaboration as this research advances our understanding of these types of threats," an Apple spokesperson told The Register.

Apple also pointed us to developer documentation on how to implement the mitigations highlighted by the researchers, which Apple admits will degrade CPU performance.


News URL

https://go.theregister.com/feed/www.theregister.com/2024/03/22/hardwarelevel_apple_silicon_vulnerability_can/

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Apple 72 238 1567 2279 265 4349