In previous articles, the editor has shared and introduced many vulnerabilities in Intel and AMD processors to the readers, such as the AVX512 vulnerability in Intel processors, the MetalDown vulnerability, and the fTPM vulnerability in AMD processors, etc.
Generally, Intel and AMD are the absolute protagonists of such news, and the editor rarely mentions Apple. However, as the saying goes, “Even the wisest can make mistakes.” Although Apple’s M series processors are far ahead in performance and indeed much more secure than Intel and AMD, they can have vulnerabilities or face issues.
Recently, a third-party security team discovered a very “serious” security vulnerability inside Apple’s M1, M2, and some M3 chips, named “GoFetch.”
The risk of GoFetch is that it allows malicious programs to steal encrypted information from the CPU cache, obtain encryption keys, and ultimately enable attackers to access and steal sensitive data in the system.
GoFetch exploits a vulnerability in the Data Memory Dependence Predictor (DMP) in Apple processors. It’s important to note that DMP is not unique to Apple processors; Intel’s processors from the 12th generation Core series also have it.
The purpose of the predictor is to preload memory content into the cache, but it also loads the key into the CPU cache, which has pointer values used to load other data.
In this case, malicious attackers can use a special application that includes the GoFetch vulnerability to trick encryption software into putting sensitive data into the cache, thereby attacking and stealing it. This is a very “serious” security vulnerability that affects various encryption algorithms.
For seasoned digital hardware enthusiasts, finding security vulnerabilities in processors is not surprising. Generally, Intel and AMD would release corresponding firmware to fix and compensate. So, for the GoFetch security vulnerability, could Apple do the same?
Unfortunately, the answer is no. The only viable solution is to take mitigating measures at the software level or force encryption software to run on cores without the predictor. However, this would significantly reduce the encryption and decryption performance of the M1, M2, and some M3 processors, a very awkward situation where you can’t have both performance (fish) and security (bear’s paw).
Although most of Apple’s M series processors have this security vulnerability, there are exceptions, namely some M3 series processors.
These processors have a special “switch” that Apple can conveniently use to release firmware that disables the processor’s Data Memory Dependence Predictor, thereby plugging the security hole, but this will also reduce the processor’s performance.
Seeing this, many people using Intel processors might wonder:
Since Intel processors from the 12th generation Core series also have DMP, do they also have the GoFetch security vulnerability, and is it also irreparable?
You can rest assured about this issue; Intel processors do not have this security vulnerability because Intel’s processor development and design approach is more comprehensive and meticulous.
Simply put, when designing processors, Intel leaves switches for certain functions, so they can later enable or disable these functions through firmware releases to fix certain security vulnerabilities. Most of Apple’s previous M series processors did not do this, so they fell into the trap. It is expected that Apple will adopt this approach in developing future new processors.
Additional note: The GoFetch official website has released more detailed technical details about this vulnerability, including attack demonstration videos. Interested parties can visit to learn more, but please do not use it for illegal purposes.
As of now, Apple has not disclosed the specific release date of the official repair program. Users of Apple devices with M series processors should pay attention to official announcements. The editor will share the latest updates as soon as they are available, so please stay tuned.
Related:
- Intel Halts 14nm CPUs: Core i9 12900KS Included
- Boost Ryzen 9000: How AGESA 1.2.0.2 Improves Performance
Disclaimer: This article is created by the original author. The content of the article represents their personal opinions. Our reposting is for sharing and discussion purposes only and does not imply our endorsement or agreement. If you have any objections, please contact us through the provided channels.
