All systems can easily be exploited. Whether that’s a freebie giveaway or computer hardware, humans will often find the weaknesses. Intel had to take a bitter pill back in 2018 after the widespread Spectre vulnerability was revealed. AMD was also hit by Zenbleed and Inception last summer. Now it’s Apple’s turn, with a massive, unpatchable vulnerability in M-series CPUs that can leak encryption keys.
As reported by Ars Technica, this security flaw allowed academic researchers to pull end-to-end encryption keys from Apple’s processors, using an app with normal third-party software permissions in macOS. Called GoFetch, the attack they created works through what’s called a side-channel vulnerability—using sensitive information discovered through watching standard behavior. It’s a bit akin to observing armored-car guards carry bags out of a business, and valuing the contents based on how heavy they seem (e.g., gold vs. paper cash).
Chip nerds can read the fuller technical details in Ars Technica’s rundown of the situation, as well as a few details about Intel’s 13th-gen Raptor Lake processors (which also operate similarly but aren’t affected by GoFetch). The gist is…
