Subj : GoFetch security flaw is "unpatchable" on Apple M1 and M2 chips To : All From : TechnologyDaily Date : Tue Mar 26 2024 13:30:05 GoFetch security flaw is "unpatchable" on Apple M1 and M2 chips but all is not lost Date: Tue, 26 Mar 2024 13:23:36 +0000 Description: Speculative Apple feature vulnerability can't be fixed with a patch, but there is a workaround, researchers claim. FULL STORY ====================================================================== The researchers who recently uncovered the GoFetch vulnerability affecting Apple M1 and M2 chips have come forward with new information that could be both good and bad news. GoFetch plagues Apple M-series and Intel Raptor Lake CPUs, and could result in the theft of sensitive information. It is described as a side-channel attack that leans on the performance-enhancing prediction features many modern silicons carry. In that respect, its similar to previously disclosed vulnerabilities such as Spectre or Meltdown. To achieve better performance, some chips try to predict the softwares next moves, and load the data in the memory in advance. That way, when the data is needed, its already present and thus results in faster performance. But this data can be leaked, and fixing the issue might mean a decrease in performance. Good news and bad news The good news is that generally, this vulnerability can be easily addressed by disabling the speculative feature. True, it will result in poorer performance, but in the case of GoFetch, that decrease in performance would only be limited to cryptographic functions, so it shouldnt be that big of a deal. The bad news is that this problem cannot be solved on the M1 and M2. "We observe that the DIT bit set on M3 CPUs effectively disables the DMP. This is not the case for the M1 and M2," the researchers explained. The silver lining here is that there is a workaround. As The Register explained in its writeup, Apples M-series chips have two types of cores: Firestorm and Icestorm. GoFetch only works on Firestorm cores, meaning that if cryptographic functions are to be moved over to Icestorm, it would solve the problem. However, Icestorm is smaller and slower than Firestorm, so the performance will still take a hit. Security wont however, and that should be the whole point. More from TechRadar Pro Python devs are being targeted by this massive infostealing malware campaign Here's a list of the best firewalls around today These are the best endpoint security tools right now ====================================================================== Link to news story: https://www.techradar.com/pro/security/gofetch-security-flaw-is-unpatchable-on -apple-m1-and-m2-chips-but-all-is-not-lost --- Mystic BBS v1.12 A47 (Linux/64) * Origin: tqwNet Technology News (1337:1/100) .