25 March 2024

New GoFetch CPU attack leaks secret encryption keys


A security weakness has been discovered in Apple's M-series chips, potentially putting sensitive data at risk. The vulnerability enables attackers to extract secret encryption keys used in cryptographic operations, posing a significant threat to user privacy and security.

Dubbed “GoFetch,” the method is a microarchitectural side-channel attack that leverages a feature known as the data memory-dependent prefetcher (DMP), present in the latest Apple processors. The attack targets constant-time cryptographic implementations, allowing malicious actors to capture sensitive data from the CPU cache.

The researchers reverse-engineered DMPs on Apple M-series CPUs and found that the DMP activates on, and attempts to dereference, data loaded from memory that “looks like” a pointer. This violates a requirement of the constant-time programming paradigm, which forbids mixing data and memory access patterns.

To exploit the vulnerability, attackers can craft specific inputs to cryptographic operations, wherein pointer-like values only appear if certain bits of the secret key have been correctly guessed. By monitoring the behavior of the DMP through cache-timing analysis, attackers can verify these guesses and progressively extract more bits of the secret key.
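The following toy model is an added illustration, not the researchers' code, of why a conventional constant-time audit misses this class of leak: the routine's own memory accesses are identical for both values of a secret bit, yet the lines a modelled DMP would touch are not. The address range, the pointer rule in `looks_like_pointer`, the cache-line size and the `ct_select` routine are assumptions made for the model, and all values are constructed.

```python
# Toy model (constructed for illustration): a constant-time select audited twice,
# first for its own memory accesses, then for what a modelled DMP would add.
LINE = 64                      # cache-line size in bytes (assumed)
HEAP_BASE = 0x1_4000_0000      # constructed "mapped" address range
HEAP_SIZE = 1 << 20
MASK64 = (1 << 64) - 1


def line_of(addr):
    """Address of the cache line containing addr."""
    return addr - addr % LINE


def looks_like_pointer(value):
    # Assumed rule for this model: any word that falls inside the mapped range.
    return HEAP_BASE <= value < HEAP_BASE + HEAP_SIZE


def ct_select(bit, a, b):
    """Branch-free select: a if bit == 1 else b, no secret-dependent branch or index."""
    mask = (-bit) & MASK64
    return (a & mask) | (b & ~mask & MASK64)


def audit(secret_bit, a, b, out_addr):
    """Run the select, store and reload the result; return both footprints."""
    memory = {out_addr: ct_select(secret_bit, a, b)}   # store to a fixed address
    program_lines = []                                 # lines the code itself touches
    dmp_lines = set()                                  # lines the modelled DMP adds
    for addr in sorted(memory):                        # fixed-order reload
        program_lines.append(line_of(addr))
        if looks_like_pointer(memory[addr]):
            dmp_lines.add(line_of(memory[addr]))
    return program_lines, dmp_lines


def leaks(a, b, out_addr):
    """Report which footprint, if any, differs between secret_bit 0 and 1."""
    p0, d0 = audit(0, a, b, out_addr)
    p1, d1 = audit(1, a, b, out_addr)
    return {"program_accesses_differ": p0 != p1, "dmp_prefetches_differ": d0 != d1}


if __name__ == "__main__":
    pointer_like = HEAP_BASE + 0x2A40     # constructed value inside the mapped range
    plain = 0x0123_4567_89AB_CDEF         # constructed value outside it
    print(leaks(pointer_like, plain, HEAP_BASE + 0x100))
    print(leaks(plain, plain ^ 1, HEAP_BASE + 0x100))
```

A review that compares only `program_accesses_differ` passes this routine; the data-dependent footprint appears only once the values being stored and reloaded are checked against the address range.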

Popular cryptographic implementations such as OpenSSL Diffie-Hellman Key Exchange and Go RSA decryption, as well as post-quantum cryptography schemes like CRYSTALS-Kyber and CRYSTALS-Dilithium, are susceptible to end-to-end key extraction attacks.

The researchers demonstrated successful GoFetch attacks on Apple hardware equipped with M1 processors. Furthermore, tests conducted on other Apple processors revealed similar exploitable DMP behavior on M2 and M3 CPUs, indicating a widespread vulnerability across multiple generations of Apple's M-series chips.

Apple was made aware of the GoFetch vulnerability in December 2023. However, as of now, there has been no official statement from the tech giant regarding the issue or any potential fixes or mitigations.

Users of Apple devices utilizing M-series chips are advised to exercise caution when handling sensitive information and to remain vigilant for any potential security updates or patches released by Apple to address the GoFetch vulnerability. Additionally, cryptographic software developers are urged to review their implementations for susceptibility to side-channel attacks and to take appropriate measures to safeguard against such threats.

