Security News > 2024 > March > Hardware-level Apple Silicon vulnerability can leak cryptographic keys
Apple is having its own Meltdown/Spectre moment with a new side-channel vulnerability found in the architecture of Apple Silicon processors that gives malicious apps the ability to extract cryptographic keys.
"We reverse-engineered DMPs on Apple m-series CPUs and found that the DMP activates data loaded from memory that 'looks like' a pointer," the team say in the paper.
Similar vulnerabilities were reported in Apple Silicon chips a few years back under the name "Augury," but the GoFetch researchers note Augury's analysis of DMP was "Overly restrictive" and "Missed several DMP activation scenarios."
The researchers were able to successfully mount end-to-end attacks on Apple hardware containing M1 processors, and found that base-model M2 and M3 Apple Silicon CPUs display similar exploitable behavior.
"We want to thank the researchers for their collaboration as this research advances our understanding of these types of threats," an Apple spokesperson told The Register.
Apple also pointed us to developer documentation on how to implement the mitigations highlighted by the researchers, which Apple admits will degrade CPU performance.
News URL
Related news
- New "GoFetch" Vulnerability in Apple M-Series Chips Leaks Secret Encryption Keys (source)
- New GoFetch Vulnerability in Apple’s M Chips Allows Secret Keys Leak on Compromised Computers (source)
- GhostRace – New Data Leak Vulnerability Affects Modern CPUs (source)
- Hardware Vulnerability in Apple’s M-Series Chips (source)