A group of American researchers discovered the GoFetch vulnerability in Apple M1, M2 and M3 processors. Exploitation of this vulnerability allows an attacker to intercept cryptographic information from the processor cache, recover encryption keys from it, and provide access to confidential data.
The vulnerability is related to the operation of the DMP (Data Memory-dependent Prefetcher) data preloading mechanism – it is present in Apple Silicon and Intel Raptor Lake processors, ensuring that data is loaded into memory before it is needed. The problem is that DMP sometimes mistakenly loads inappropriate data into the CPU cache, which neutralizes the software's security measures: applications exploiting the GoFetch vulnerability can trick the cryptographic software into loading sensitive data into the cache, which can then be stolen by the malware.
This serious vulnerability affects all types of encryption algorithms, including methods with 2048-bit keys, which are considered unbreakable by quantum computers. The only way to protect against the vulnerability is to mitigate its effects by reducing encryption and decryption performance on Apple M1, M2, and M3 processors. Developers can force encryption components to efficient E-cores that lack DMP, but this comes with a performance penalty. Another possible exception is the Apple M3 processor – it may have a “switch” that developers can use to disable DMP, but it is unknown how this will affect system speed.
It is noteworthy that processors based on Intel Raptor Lake architecture (13th and 14th generations) do not have this vulnerability, although they use the same DMP mechanism – Apple is likely to take this aspect into account when designing M4 chips and release them to the market without this error. Apple has not yet indicated a time frame for fixing the problem for existing processors.
If you notice an error, select it with the mouse and press CTRL+ENTER.