New hardware vulnerability discovered in Apple’s M chips that allows attackers to steal encryption keys from Macs
03/31/2024 // Cassie B.

Apple computers have long distinguished themselves from PCs by being more difficult to hack, which is one reason some security-conscious computer and smartphone users are happy to fork over the high prices Apple's products fetch. However, Apple has found itself in the spotlight more and more lately as tech experts reveal numerous vulnerabilities in its products.

The latest is a new bug that researchers have found in Apple's M1, M2 and M3 chips. Known as the GoFetch vulnerability, it resides in the computer's CPU itself, which means that unless you change the CPU, it is essentially unpatchable. It allows cache-based side-channel attacks in which one process can read data belonging to another process and leak information. The vulnerability is highly sophisticated and is tied to the chip's data memory-dependent prefetcher, a hardware component.

Although it is very concerning, cybersecurity experts emphasize that it is a local bug, which means that an individual would need access to your computer in order to take advantage of it.

Nevertheless, it points to an unsettling trend in which Apple’s computers and smartphones are increasingly being found to be far less secure than many consumers believe. And with bugs like this one in particular, some people, like X user “Kim Dotcom”, are wondering whether U.S. intelligence agencies have intentionally placed them there so they can spy on Americans.

Apple has had several high-profile vulnerabilities exposed recently

In December, researchers exposed an attack known as Triangulation that backdoored countless iPhones, many of which belonged to employees of the security firm Kaspersky, across a span of four years. The attackers gained an unprecedented degree of access by exploiting a vulnerability in an undocumented hardware feature of the phones.

After a lengthy investigation, researchers were unable to determine how the attackers knew the hardware feature existed or what its purpose is.

The backdooring campaign was significant, infecting the iPhones of thousands of people who worked in Russian embassies and missions. During the years it was active, the victims’ phones were infected via iMessage texts that managed to install malware on the devices without the victim taking any action thanks to a complex exploit chain.

This placed full-featured spyware on their phones capable of transmitting a broad range of sensitive data to servers controlled by the hackers. Some of the data it transmitted included photos, microphone recordings and geolocation information.

Kaspersky Researcher Boris Larin explained what made this attack stand out: “Due to the closed nature of the iOS ecosystem, the discovery process was both challenging and time-consuming, requiring a comprehensive understanding of both hardware and software architectures. What this discovery teaches us once again is that even advanced hardware-based protections can be rendered ineffective in the face of a sophisticated attacker, particularly when there are hardware features allowing to bypass these protections.”

In January, another vulnerability was discovered in Apple products. Dubbed LeftoverLocals, it enables attackers who have local access to a device to obtain data that is processed in the local memory of the GPU, something that poses a major risk as the use of Large Language Models increases. The vulnerability means that attackers can eavesdrop on a user’s interactive LLM session, which may give them access to sensitive information. Only some Apple devices have received patches to address this; others remain vulnerable.
