Security News > 2024 > March > New GoFetch attack on Apple Silicon CPUs can steal crypto keys

New GoFetch attack on Apple Silicon CPUs can steal crypto keys
2024-03-22 15:01

A new side-channel attack called "GoFetch" impacts Apple M1, M2, and M3 processors and can be used to steal secret cryptographic keys from data in the CPU's cache.

The attack targets constant-time cryptographic implementations using data memory-dependent prefetchers found in modern Apple CPUs.

The GoFetch attack targets data memory-dependent prefetchers, a CPU feature designed to improve computer performance when executing code.

The GoFetch attack focuses on a newer prefetcher called a data memory-dependent prefetcher.

"We reverse-engineered DMPs on Apple m-series CPUs and found that the DMP activates data loaded from memory that"looks like" a pointer," reads the summary of the attack.

As the weakness is part of the implementation of the data memory-dependent prefetcher built directly into Apple CPUs, there is no way to mitigate the attack with a hardware fix.


News URL

https://www.bleepingcomputer.com/news/security/new-gofetch-attack-on-apple-silicon-cpus-can-steal-crypto-keys/

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Apple 72 238 1567 2279 265 4349