Researchers have uncovered a significant security vulnerability in Apple’s M-series chips, raising concerns about the safety of crypto private keys stored on Mac computers.
According to a recent report, the vulnerability, a side-channel exploit, allows malicious actors to extract encryption keys while the Apple chips are executing commonly used cryptographic protocols.
Unlike typical vulnerabilities that can be addressed through software patches, this particular flaw resides in the microarchitectural design of the chips themselves, rendering it “unpatchable.”
To mitigate the issue, third-party cryptographic software would need to be employed, but this could severely impact the performance of earlier M-series chips, including the M1 and M2.
Fundamental Weakness in Apple’s M-Series Chips Security Poses Threat to Crypto Holders
The findings shed light on a fundamental weakness in Apple’s hardware security infrastructure.
Hackers can intercept and exploit memory access patterns to gain unauthorized access to sensitive information, including encryption keys utilized by cryptographic applications.
The researchers have named the attack “GoFetch.” It operates within the user environment and requires the same standard user privileges as regular applications.
Following the disclosure of this research, Mac users in online forums have expressed concerns and raised questions about the potential impact on password keychains.
Some users believe that Apple will address the problem directly within its operating system, while others are more worried about what happens if the company fails to do so.
One user pointed out that Apple might already be aware of this flaw, speculating that the upcoming M3 chip includes an additional instruction to disable the vulnerable feature.
They referred to previous research on the topic, known as “Augury,” dating back to 2022.
Apple Faces DOJ Lawsuit
This discovery adds to the mounting challenges faced by Apple, including an ongoing antitrust lawsuit filed by the US Department of Justice (DOJ).
The lawsuit alleges that Apple’s rules for the App Store and its alleged monopoly have stifled competition and innovation.
The DOJ also claims that Apple has restricted access to competing digital wallets, which offer enhanced features, while preventing developers from offering their own payment services to users.
Last year, a class-action lawsuit was filed against Apple, alleging that the tech giant has engaged in a conspiracy to limit peer-to-peer payment options on its devices and block the integration of crypto technology in iOS payment apps.
The complaint claimed that Apple entered into anti-competitive agreements with popular payment platforms such as PayPal’s Venmo and Block’s Cash App.
These agreements allegedly restrict the use of decentralized cryptocurrency technology in payment apps, resulting in inflated prices for users.
Furthermore, Apple’s guidelines require app developers to share 30% of transaction revenues.
This has been a barrier for crypto firms, including those facilitating the purchase of non-fungible tokens (NFTs), as they strive to provide services to iOS users.
As reported, Apple has removed the Bitcoin-friendly social media app Damus from the App Store for violating its terms of service.
The app has a tipping feature that allows content creators to receive tips in the form of Bitcoin through the Lightning Network.
Apple deemed this feature a violation of its guidelines, which prohibit developers from selling additional in-app content unless the transactions go through Apple, which takes a 30% cut.