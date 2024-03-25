MacBook Pro, MacBook Air, iMac and Mac mini from Manzana They have been characterized by the use of the M1 and M2 chips, which provide them with great performance. However, as was recently discovered, They also expose them to hackers who seek to obtain users' encrypted keys through cryptographic operations.

According to GoFetch, a group of university students, Apple's M1 and M2 chips have been discovered to suffer from a vulnerability. Here, hackers can take advantage of the dependent memory prefetcher, or DMP, since it sometimes confuses the actual contents of memory with the pointer used to predict the memory address, which opens the possibility for hackers to take advantage of this confusion to guess fragments of a cryptographic key until it is completely deciphered. This is what was said about it:

“Prefetchers typically look at the addresses of the data being accessed (ignoring the values ​​of the data being accessed) and try to guess future addresses that might be useful. The DMP is different in this sense, since in addition to addresses, it also uses data values ​​to make predictions (predicting the addresses to go to and searching beforehand). In particular, if a data value 'looks like' a pointer, it will be treated as an 'address' (where in reality it is not!) and the data at this 'address' will be taken to the cache. The arrival of this address in the cache is visible and filtered through the cache side channels.”

Although Apple has not issued a statement on the matter, the company could easily fix this problem, although this would also mean substantially reducing the performance of the M1 and M2 chips, something that probably not many will agree with. Fortunately, the product line with the M3 chip is expected to no longer suffer from this security hole.

It's no secret that Apple products are far from perfect. However, it is the quality of their laptops and mobile devices that draw attention. If the company does not do something against these hacker attacks, they are likely to lose their reputation.

Via: GoFetch