If it works out at all. But it will definitely be corrected in the M4 generation.
Cybersecurity experts have discovered a serious vulnerability in Apple's M1, M2 and M3 family processors, which could cause confidential data to leak.
The GoFetch security flaw allows attackers to intercept sensitive cryptographic information from the processor cache, recover encryption keys from it, and provide access to sensitive data.
The vulnerability is related to the operation of the Data Memory-dependent Prefetcher (DMP), a mechanism designed to speed up the operation of chips by preloading the necessary data. It is present in the Apple Silicon and Intel Raptor Lake family of processors. Researchers have found that DMP can unintentionally load incorrect data into the cache, undermining software-level protection. This opens the door to GoFetch exploitation, where an attacker can load sensitive data into the cache for later retrieval.
GoFetch poses a threat to all existing encryption algorithms. The solution proposed by the researchers entails a drop in the performance of protected solutions: reorienting encryption processes on a kernel without DMP reduces the speed of data processing. Another interesting fact is that the latest Intel Raptor Lake chips turned out to be immune to the identified vulnerability, although they also use the DMP mechanism.
Apple has not yet announced the timing of the release of a patch to solve the problem in existing processor models. It is highly likely that the vulnerability will be fixed in the next generation of M4 chips, preventing similar risks for future users of Apple products.