Security News > 2024 > March > New GoFetch attack on Apple Silicon CPUs can steal crypto keys
A new side-channel attack called "GoFetch" impacts Apple M1, M2, and M3 processors and can be used to steal secret cryptographic keys from data in the CPU's cache.
The attack targets constant-time cryptographic implementations using data memory-dependent prefetchers found in modern Apple CPUs.
The GoFetch attack targets data memory-dependent prefetchers, a CPU feature designed to improve computer performance when executing code.
The GoFetch attack focuses on a newer prefetcher called a data memory-dependent prefetcher.
"We reverse-engineered DMPs on Apple m-series CPUs and found that the DMP activates data loaded from memory that"looks like" a pointer," reads the summary of the attack.
As the weakness is part of the implementation of the data memory-dependent prefetcher built directly into Apple CPUs, there is no way to mitigate the attack with a hardware fix.
News URL
Related news
- Apple fixes two new iOS zero-days exploited in attacks on iPhones (source)
- Fake Leather wallet app on Apple App Store is a crypto drainer (source)
- Oracle warns that macOS 14.4 update breaks Java on Apple CPUs (source)
- New ZenHammer memory attack impacts AMD Zen CPUs (source)
- New ZenHammer Attack Bypasses RowHammer Defenses on AMD CPUs (source)
- New Spectre v2 attack impacts Linux systems on Intel CPUs (source)
- Apple Updates Spyware Alert System to Warn Victims of Mercenary Attacks (source)
- Apple: Mercenary spyware attacks target iPhone users in 92 countries (source)
- Apple stops warning of 'state-sponsored' attacks, now alerts about 'mercenary spyware' (source)
- Apple Alerts iPhone Users in 92 Countries to Mercenary Spyware Attacks (source)