Researchers from the University of Washington, UC Berkeley, Carnegie Mellon, UIUC, and Georgia Tech call this type of attack GoFetch, in reference to the processor chip’s Data Memory Prefetcher (DMP), which is used to predict predict what data the computer will need to use next and retrieve that data in advance. DMP makes processing faster but can also reveal information about your computer’s performance.
Research shows that DMPs, especially those in Apple’s M chip line, can leak information even when the program is designed not to reveal any data in the way it accesses memory. The researchers’ tests showed they could access sensitive information like a 2048-bit RSA key in just under an hour.
Macbook Air uses M1 and M2 chips. Photo: Macrumors
According to the researchers, the vulnerability in the M chip cannot be patched, but can only be mitigated by enhancing security in third-party encryption software. However, this can reduce chip performance when performing encryption, especially on M1 and M2 chips.
This is not the first time security experts have found threats in Apple’s DMP. In 2022, researchers discovered a similar vulnerability in the M1 and A14 Bionic chips for iPhone that could lead to an Augury attack. However, it cannot extract sensitive data, while GoFetch proves dangerous and poses a greater security risk.
DMP attacks are uncommon, typically requiring physical access to the Mac. The researchers notified Apple about the vulnerability. Apple representatives declined to comment when asked about the above report.
Huy Duc (according to MacRumors )
EN 
VI
Leave a Reply
You must be logged in to post a comment.