New Apple silicon security flaw could allow the extraction of encryption keys, but don't dust down that old Intel Mac just yet

News
By Oliver Haslam
published

Your Mac is a bit less secure than you thought.

The 2024 MacBook Air M3 on a wooden table in front of a bookshelf.
(Image credit: Gerald Lynch / Future)

Apple silicon has transformed the Mac since the M1's introduction and that continued with the M2 and the latest M3, the chip that powers the latest MacBook Air and other best MacBooks. It brought with it a level of performance and battery life that was previously not possible when using Intel's chips and the fluidity of the chipmaker's roadmap made it difficult to plan products around. But while the M-series chips have been a revelation, they aren't perfect — as news of a newly found security flaw proves.

The flaw, which just so happens to be unpatchable, has the potential to open the doors to Mac's encryption keys. That's bad news for anyone who values their privacy and security, although there is a discussion to be had about just how much of a problem the flaw really is. What we do know is that the flaw is real, however, and it's present in all M1, M2, and M3 Macs as well as potentially future models as well.

This isn't the first Apple silicon security flaw of course, but any new flaw is sure to be a thorn in the side of Apple's much-flaunted silicon team.

Unpatchable flaw

The flaw was first reported by ArsTechnica and the outlet explains that the issue comes thanks to the way that modern chips, like the M-series, process information. The Dara Memory-dependent Prefetchers (DMP) are used to optimize the performance of chips and are actually an expansion of prefetchers that have been around for years.

"The threat resides in the chips’ data memory-dependent prefetcher, a hardware optimization that predicts the memory addresses of data that running code is likely to access in the near future," Ars explains. "By loading the contents into the CPU cache before it’s actually needed, the DMP, as the feature is abbreviated, reduces latency between the main memory and the CPU, a common bottleneck in modern computing."

But researchers have spotted a bug in the DMP which, because of the nature of the beast, cannot be fixed. A workaround could be done via software, but it'll likely have a notable impact on performance when performing cryptographic tasks.

Researchers say that "prefetchers usually look at addresses of accessed data (ignoring values of accessed data) and try to guess future addresses that might be useful. The DMP is different in this sense as in addition to addresses it also uses the data values in order to make predictions (predict addresses to go to and prefetch). In particular, if a data value 'looks like' a pointer, it will be treated as an 'address' (where in fact it's actually not!) and the data from this “address” will be brought to the cache. The arrival of this address into the cache is visible, leaking over cache side channels." It's the leaking that the researchers have been able to use when developing their attack on the system.

"We cannot leak encryption keys directly, but what we can do is manipulate intermediate data inside the encryption algorithm to look like a pointer via a chosen input attack," the researchers told Ars via email. "The DMP then sees that the data value 'looks like' an address, and brings the data from this 'address' into the cache, which leaks the 'address.' We don’t care about the data value being prefetched, but the fact that the intermediate data looked like an address is visible via a cache channel and is sufficient to reveal the secret key over time.

However, as problematic as this might be, it's unlikely to be an issue for the vast majority of people. The tool the researchers created as a proof of concept requires a little less than an hour to do its work, and that's to extract a 2048-bit RSA key. The stronger the key, the more time is required — all the way to around 10 hours for a Dilithium-2 key. That means people would need to unwittingly download and run an unknown app and then have it running for around an hour before there would be any chance of anything being extracted. And considering most Macs are configured not to run apps that have not been signed by Apple by default, that's even less likely to happen.

More from iMore

Oliver Haslam
Oliver Haslam
Contributor

Oliver Haslam has written about Apple and the wider technology business for more than a decade with bylines on How-To Geek, PC Mag, iDownloadBlog, and many more. He has also been published in print for Macworld, including cover stories. At iMore, Oliver is involved in daily news coverage and, not being short of opinions, has been known to 'explain' those thoughts in more detail, too. Having grown up using PCs and spending far too much money on graphics card and flashy RAM, Oliver switched to the Mac with a G5 iMac and hasn't looked back. Since then he's seen the growth of the smartphone world, backed by iPhone, and new product categories come and go. Current expertise includes iOS, macOS, streaming services, and pretty much anything that has a battery or plugs into a wall. Oliver also covers mobile gaming for iMore, with Apple Arcade a particular focus. He's been gaming since the Atari 2600 days and still struggles to comprehend the fact he can play console quality titles on his pocket computer.