Ouch: Macs with Apple Silicon suffer from an unfixable flaw that leaks security keys

Apple Mac computers have been powered by in-house Arm-based processors since 2020, bringing a major horsepower and efficiency boost over rival computers. However, it turns out that these Apple Silicon chips have a vulnerability that can’t be fixed.

A team of researchers (h/t: Ars Technica) discovered the so-called GoFetch flaw in Apple’s M1, M2, and M3 series of computer processors. The threat allows someone to extract security keys from these chips, breaking encryption as a result.

GoFetch is a “microarchitectural side-channel attack” and affects a part of Apple’s chips called the data memory-dependent prefetcher (DMP), which is used to speed up operations.

What can be done about GoFetch?

The flaw can’t be patched directly as it relates to the actual hardware design of these chips. Furthermore, the team explains that the DMP can only be disabled on the M3 chip. This nevertheless suggests that Apple — which was notified of the flaw in December 2023 — will need to make hardware changes to future M-series processors to comprehensively address the vulnerability.

The research team adds that Intel’s 13th generation Raptor Lake chips also have a DMP but noted that “its activation criteria are more restrictive, making it robust to our attacks.”

Nevertheless, Ars Technica reports that almost all mooted measures to mitigate this flaw come with a significant performance penalty. One notable defense would be to run any cryptographic tasks on Apple’s efficiency cores, which apparently lack DMP and therefore aren’t vulnerable to this flaw. But this could result in slower performance, while there’s no guarantee that DMP won’t come to the efficiency cores down the line.

Got a Mac or MacBook powered by Apple Silicon and wondering how you can protect yourself? Unfortunately, there’s not much you can do, but the team notes that you should still regularly update your device and software.