BleepingComputer reports that threat actors could leverage the novel GoFetch side-channel attack to facilitate the exfiltration of secret cryptographic keys from devices running on Apple M1, M2, and M3 processors.
Such an attack involves a security issue in the data memory-dependent prefetcher of Apple devices stemming from nonadherence to constant-time good practices, which could result in data dereferencing that could eventually allow reconstruction of secret cryptographic keys, according to a team of U.S. researchers, who discovered and reported the vulnerability to Apple.
While the attack could be mitigated by deactivating DMP on devices running on Apple M3, such a fix could not be done on M1 and M2 devices, said researchers, who added that developers could also implement DMP activation masking and input blinding to address the issue. Apple device owners have also been urged to ensure timely operating system updates and proper software downloads as Apple has not yet detailed plans to remediate the issue in a security update.
