Security News > 2024 > March > New GoFetch attack on Apple Silicon CPUs can steal crypto keys
A new side-channel attack called "GoFetch" impacts Apple M1, M2, and M3 processors and can be used to steal secret cryptographic keys from data in the CPU's cache.
The attack targets constant-time cryptographic implementations using data memory-dependent prefetchers found in modern Apple CPUs.
The GoFetch attack targets data memory-dependent prefetchers, a CPU feature designed to improve computer performance when executing code.
The GoFetch attack focuses on a newer prefetcher called a data memory-dependent prefetcher.
"We reverse-engineered DMPs on Apple m-series CPUs and found that the DMP activates data loaded from memory that"looks like" a pointer," reads the summary of the attack.
As the weakness is part of the implementation of the data memory-dependent prefetcher built directly into Apple CPUs, there is no way to mitigate the attack with a hardware fix.
News URL
Related news
- New Apple CPU side-channel attacks steal data from browsers (source)
- New SLAP & FLOP Attacks Expose Apple M-Series Chips to Speculative Execution Exploits (source)
- Google Play, Apple App Store apps caught stealing crypto wallets (source)
- Crypto-stealing apps found in Apple App Store for the first time (source)
- Apple fixes zero-day exploited in 'extremely sophisticated' attacks (source)
- Apple warns 'extremely sophisticated attack' may be targeting iThings (source)
- Apple fixes zero-day flaw exploited in “extremely sophisticated” attack (CVE-2025-24200) (source)
- North Korea targets crypto developers via NPM supply chain attack (source)
- Bybit Confirms Record-Breaking $1.5 Billion Crypto Heist in Sophisticated Cold Wallet Attack (source)
- ⚡ THN Weekly Recap: From $1.5B Crypto Heist to AI Misuse & Apple’s Data Dilemma (source)