Security News > 2024 > March > GoFetch security exploit can't be disabled on M1 and M2 Apple chips
The GoFetch vulnerability found on Apple M-series and Intel Raptor Lake CPUs has been further unpacked by the researchers who first disclosed it.
DMPs are present on all Apple M-series CPUs and Intel's Raptor Lake processors, and the dedicated website for GoFetch now shows how exactly the exploit is carried out.
The GoFetch exploit isn't earth-shattering, as it's in a similar vein to Spectre, Meltdown, and other vectors that rely on a CPU's performance-boosting prediction features.
Normally, there are software-based patches for chips that have hardware-level exploits, and usually that just involves disabling the speculative feature, but in the case of M1 and M2 CPUs, researchers say that's not possible.
"We observe that the DIT bit set on M3 CPUs effectively disables the DMP. This is not the case for the M1 and M2." So, GoFetch can be solved with a software patch for M3 and Raptor Lake CPUs, but not for M1 and M2 chips since DMP will run no matter what.
The DMP-based GoFetch exploit only works on Firestorm cores, including for M1 and M2 CPUs, and the GoFetch paper suggests all cryptographic work should solely be run on the Icestorm cores for the time being.
News URL
https://go.theregister.com/feed/www.theregister.com/2024/03/25/gofetch_security_exploit_demoed/
Related news
- U.S. Justice Department Sues Apple Over Monopoly and Messaging Security (source)
- New "GoFetch" Vulnerability in Apple M-Series Chips Leaks Secret Encryption Keys (source)
- New GoFetch Vulnerability in Apple’s M Chips Allows Secret Keys Leak on Compromised Computers (source)
- Hardware Vulnerability in Apple’s M-Series Chips (source)
- Apple's GoFetch silicon security fail was down to an obsession with speed (source)
- OpenAI's GPT-4 can exploit real vulnerabilities by reading security advisories (source)
- Prompt Hacking, Private GPTs, Zero-Day Exploits and Deepfakes: Report Reveals the Impact of AI on Cyber Security Landscape (source)