Unpatchable vulnerability discovered in Apple M1, M2 and M3 chips — what you need to know
New side-channel attack breaks encryption on Apple silicon
Researchers have discovered a new unpatchable security flaw that can break encryption on the best MacBooks if exploited by an attacker.
As reported by 9to5Mac, this recently discovered vulnerability affects every Mac running Apple silicon, including those with the company’s M1, M2 and M3 chips. To make matters worse, the flaw is present in the architecture of these chips, which means there’s no way for Apple to fix it outright. Instead, any fixes will need to be made before the iPhone maker releases its M4 chips later this year.
Just like last year’s iLeakage attack, this flaw is a side channel that, given the right circumstances, lets an attacker extract the end-to-end keys used in encryption. Fortunately, exploiting this vulnerability is fairly difficult, as doing so can take a considerable amount of time.
Whether you have one of Apple’s recently released MacBook Air M3 models or an older MacBook Pro with an M1 chip from back in 2020, here’s everything you need to know about this unpatchable security flaw along with a few tips on how to protect yourself.
Exploiting this vulnerability using GoFetch
This new vulnerability was discovered by a team of seven academic researchers from universities across the U.S. who detailed their findings in a research paper (PDF) about microarchitectural side-channel attacks.
To show how this flaw could be exploited by attackers, they created an app called GoFetch which, according to Ars Technica, doesn’t require root access. Instead, it only requires the same user privileges used by most third-party Mac apps.
For those unfamiliar with Apple’s M-series chips, they are all divided into clusters which house their different cores. If the GoFetch app and the cryptography app being targeted by an attacker are running on the same performance cluster, GoFetch will be able to mine enough secrets to leak a secret key.
It’s all a bit technical, and I suggest reading Ars Technica’s report for a deeper dive. Essentially, though, this unpatchable vulnerability is bad news for Apple, but it likely won’t affect you in nearly the same way that the Meltdown and Spectre flaws did for PC users.
Patching will have a hit on performance
Since this flaw exists in Apple’s chips themselves and not in its software, patching it won’t be possible. The iPhone maker would instead have to release brand new chips to completely fix it.
Since the vulnerability is unpatchable, the researchers who discovered it suggest that the best Apple could do is to implement workarounds to address it in the company’s M1, M2 and M3 chips.
These workarounds would be on the software side: cryptographic software developers would need to add a mitigation like ciphertext blinding, which adds masks to sensitive values (like the ones used in encryption keys) before they are stored to memory and removes them after they are loaded from memory.
The big problem here though is that implementing something like this would result in a serious hit on performance, which is the last thing most Apple users would want. Thankfully though, exploiting this vulnerability isn’t that easy to do.
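The ciphertext blinding mitigation described above, sketched as an added example (not code from the researchers, Apple or any library). RSA and the toy key are assumptions chosen for illustration, since the article names no algorithm, and the function names are hypothetical.

```python
import secrets
from math import gcd

# Constructed toy RSA key from two Mersenne primes (demo only, far too
# small for real use).
P, Q = 2**31 - 1, 2**61 - 1
N = P * Q
E = 65537
D = pow(E, -1, (P - 1) * (Q - 1))  # private exponent


def encrypt(m):
    return pow(m, E, N)


def decrypt_unblinded(c):
    # The private-key operation runs directly on the caller-supplied
    # ciphertext, so whoever chose c also influences the intermediate
    # values that pass through memory.
    return pow(c, D, N)


def decrypt_blinded(c):
    """Return (plaintext, blinded ciphertext that was actually processed)."""
    # Fresh random mask for every call; it must be invertible modulo N.
    while True:
        r = secrets.randbelow(N - 2) + 2
        if gcd(r, N) == 1:
            break
    # Add the mask: c' = c * r^E mod N.
    blinded = (c * pow(r, E, N)) % N
    # Private-key operation on the masked value: (c * r^E)^D = m * r mod N.
    masked_plain = pow(blinded, D, N)
    # Remove the mask. The extra exponentiation and modular inverse are
    # the added cost paid on every operation.
    return (masked_plain * pow(r, -1, N)) % N, blinded
```

Decrypting the same ciphertext twice yields the same plaintext, but the value fed to the private-key operation differs on every call, so the party who supplied the ciphertext cannot predict it.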
Why you shouldn’t be too worried
In order to use this unpatchable vulnerability in one of their attacks, a hacker would first need to trick an unsuspecting Mac user into installing a malicious app on their computer. Apple blocks unsigned apps by default in macOS with Gatekeeper, which would make installing the malicious app needed to pull off an attack much more difficult.
From here, this attack takes quite a bit of time to carry out. In fact, during their tests, the researchers noted that it took anywhere from close to an hour to 10 hours, during which time the malicious app would need to be running continuously.
While we haven’t heard anything from Apple regarding this unpatchable vulnerability yet, we’ll update this piece when and if we do. Until then, the researchers recommend keeping all of the software on your Apple silicon-powered Macs up to date and installing regular updates from Apple as soon as they become available.
Anthony Spadafora is the security and networking editor at Tom’s Guide where he covers everything from data breaches and ransomware gangs to password managers and the best way to cover your whole home or business with Wi-Fi. Before joining the team, he wrote for ITProPortal while living in Korea and later for TechRadar Pro after moving back to the US. Based in Houston, Texas, when he’s not writing Anthony can be found tinkering with PCs and game consoles, managing cables and upgrading his smart home.