this post was submitted on 21 Mar 2024
1 points (100.0% liked)

Technology

2018 readers
1 users here now

Post articles or questions about technology

founded 2 years ago
MODERATORS
[email protected]
1
Unpatchable vulnerability in Apple chip leaks secret encryption keys (arstechnica.com)
submitted 6 months ago* (last edited 6 months ago) by [email protected] to c/[email protected]
6 comments fedilink hide all child comments
 

A newly discovered vulnerability baked into Apple’s M-series of chips allows attackers to extract secret keys from Macs when they perform widely used cryptographic operations, academic researchers have revealed in a paper published Thursday.

The flaw—a side channel allowing end-to-end key extractions when Apple chips run implementations of widely used cryptographic protocols—can’t be patched directly because it stems from the microarchitectural design of the silicon itself. Instead, it can only be mitigated by building defenses into third-party cryptographic software that could drastically degrade M-series performance when executing cryptographic operations, particularly on the earlier M1 and M2 generations. The vulnerability can be exploited when the targeted cryptographic operation and the malicious application with normal user system privileges run on the same CPU cluster.

top 6 comments
sorted by: hot top controversial new old
[–] [email protected] 0 points 6 months ago

The real question is this on purpose or not.

Either way, Apple done fucked up. If this was on purpose, seems like a rookie move since they need this bitch to stay zero day.

[–] [email protected] 0 points 6 months ago

Looks like these M series vulnerabilities will be Apple’s Downfall.

[–] [email protected] 0 points 6 months ago (1 children)

So apple want everyone that has a m1 or m2 to buy the…..m3 :) Joke. But thats serious fuck up.

[–] [email protected] 0 points 6 months ago (1 children)

It sounds pretty bad, but, fortunately, it’s able to be mitigated with software patches. for now, anyway. Also, fortunately, it’s in older–series chips and won’t present a problem moving forward with newer series chips.

Still, not good.

[–] [email protected] 0 points 5 months ago

The vulnerability is actually present in modern series chips as well, it's just that they include an optional chip flag that cryptography libraries may leverage to disable the speculative processing that causes the leak.

[–] [email protected] 0 points 6 months ago

Whoops