Security News

New GoFetch Vulnerability in Apple’s M Chips Allows Secret Keys Leak on Compromised Computers
2024-03-26 13:00

The newly exposed GoFetch vulnerability affecting Apple's M1, M2 and M3 chips lets an attacker exfiltrate secret keys from cryptographic applications on a targeted system. Data memory-dependent prefetchers (DMPs) - in contrast to classical prefetchers that only store the memory access pattern - "also take into account the contents of data memory directly to determine what to prefetch," as written in the publication from Boru Chen, Yingchen Wang, Pradyumna Shome, Christopher W. Fletcher, David Kohlbrenner, Riccardo Paccagnella and Daniel Genkin that reveals all of the details about the GoFetch vulnerability.

GoFetch security exploit can't be disabled on M1 and M2 Apple chips
2024-03-25 14:30

The GoFetch vulnerability found on Apple M-series and Intel Raptor Lake CPUs has been further unpacked by the researchers who first disclosed it. DMPs are present on all Apple M-series CPUs and Intel's Raptor Lake processors, and the dedicated website for GoFetch now shows how exactly the exploit is carried out.

New "GoFetch" Vulnerability in Apple M-Series Chips Leaks Secret Encryption Keys
2024-03-25 09:02

A new security shortcoming discovered in Apple M-series chips could be exploited to extract secret keys used during cryptographic operations. Dubbed GoFetch, the vulnerability relates to a...

Hardware-level Apple Silicon vulnerability can leak cryptographic keys
2024-03-22 15:03

Apple is having its own Meltdown/Spectre moment with a new side-channel vulnerability found in the architecture of Apple Silicon processors that gives malicious apps the ability to extract cryptographic keys. "We reverse-engineered DMPs on Apple m-series CPUs and found that the DMP activates data loaded from memory that 'looks like' a pointer," the team say in the paper.

New GoFetch attack on Apple Silicon CPUs can steal crypto keys
2024-03-22 15:01

A new side-channel attack called "GoFetch" impacts Apple M1, M2, and M3 processors and can be used to steal secret cryptographic keys from data in the CPU's cache. The attack targets constant-time cryptographic implementations using data memory-dependent prefetchers found in modern Apple CPUs.

U.S. Justice Department Sues Apple Over Monopoly and Messaging Security
2024-03-22 06:14

The U.S. Department of Justice (DoJ), along with 16 other state and district attorneys general, on Thursday accused Apple of illegally maintaining a monopoly over smartphones, thereby undermining,...

Oracle warns that macOS 14.4 update breaks Java on Apple CPUs
2024-03-19 16:52

Oracle warned Apple customers to delay installing the latest macOS 14.4 Sonoma update because it will break Java on ARM-based Macs. According to Garcia-Ribeyro, since the Java Virtual Machine uses dynamic code generation and accesses memory in protected memory regions to ensure correctness and performance, its process will be terminated after deploying the macOS 14.4 update.

Fake Leather wallet app on Apple App Store is a crypto drainer
2024-03-11 14:54

The developers of the Leather cryptocurrency wallet are warning of a fake app on the Apple App Store, with users reporting it is a wallet drainer that stole their digital assets. Last week, the genuine Leather wallet warned its community about a fake version of its wallet on the Apple App Store, making it clear that the company does not yet offer an iOS app.

Apple's trademark tight lips extend to new iPhone, iPad zero-days
2024-03-06 17:01

Apple's latest security patches address four vulnerabilities affecting iOS and iPadOS, including two zero-days that intel suggests attackers have already exploited. Affecting RTKit, Apple's real-time operating system that runs on various devices like AirPods, Apple Watch, and more, its description closely mirrors that of CVE-2024-23225.

Apple fixes two actively exploited iOS zero-days (CVE-2024-23225, CVE-2024-23296)
2024-03-06 09:34

Apple has fixed two iOS zero-day vulnerabilities exploited by attackers in the wild. "Additional CVE entries [are] coming soon," Apple noted for both updates.