Unpatchable Bug in Apple M1, M2, and M3 Chipsets

Apple Silicon refers to the series of custom-designed chips developed by Apple for use in their Mac computers and iPad Pro tablets. These chips, which include the M1, M2, and M3 processors, are based on the ARM architecture and are designed to offer superior performance, energy efficiency, and security compared to the Intel processors previously used in Apple's devices.

Apple Silicon chips integrate various components, such as the CPU, GPU, Neural Engine, and RAM, onto a single system-on-a-chip (SoC). This integration allows for better optimization and communication between components, resulting in improved performance and power efficiency.

The transition to Apple Silicon has given Apple tighter control over hardware and software integration in its devices, allowing the operating system and apps to be optimized for a platform Apple designs end to end.

A team of academic researchers recently disclosed a security flaw, named "GoFetch", in Apple's M1, M2, and M3 chipsets. The weakness lies in the Data Memory-dependent Prefetcher (DMP), a hardware feature intended to reduce latency: when the CPU loads data from memory, the DMP scans the loaded contents for values that look like pointers and prefetches the memory they point to, on the assumption that the running code is likely to dereference them soon.

The problem is that the DMP cannot tell an actual pointer from ordinary data that merely looks like an address. Any intermediate value a program holds in memory, including values derived from a cryptographic key, can therefore trigger a prefetch, and that prefetch changes cache state in a way another process can time. An attacker running unprivileged code on the same machine feeds the victim chosen inputs such that an intermediate value looks like a pointer exactly when a particular key bit has a given value, observes whether the prefetch happened, and repeats the process bit by bit until the key is recovered.

GoFetch is particularly concerning because it is a property of the silicon: the prefetcher's behaviour cannot be changed by a firmware or operating-system update, so the hardware itself is unpatchable. Protection for devices with M1, M2, and M3 chips therefore has to come from software that avoids triggering the DMP, at some performance cost, until a future generation of chips changes the design.

Mitigating GoFetch is not straightforward. Disabling the DMP outright would cost substantial performance, and on M1 and M2 there is no documented way for software to do so; the M3 exposes a data-independent timing (DIT) control bit that turns the DMP off for code that sets it. Cryptographic blinding-style countermeasures, which randomize the values a routine holds in memory so they never correlate with secret-dependent, pointer-looking data, require DMP-specific changes to every cryptographic implementation and can impose heavy overheads on some schemes. Another option is to pin all cryptographic code to the Icestorm efficiency cores, which do not activate the DMP; this also reduces performance, and nothing guarantees that the DMP stays inactive on those cores in future chips.

The discovery of GoFetch highlights the ongoing challenge of securing modern CPU architectures against increasingly sophisticated side-channel attacks. Cache-timing attacks in particular exploit the caches shared between processes: a memory access that hits in cache is measurably faster than one that misses, so by timing its own accesses an attacker can learn which memory another process has recently touched.

Earlier vulnerabilities such as Spectre and Meltdown, publicly disclosed in January 2018, combined cache side channels with speculative execution to read memory the attacking process was not supposed to access. The standard defence for cryptographic code against cache attacks is constant-time programming: writing routines so that neither their control flow nor the memory addresses they access depend on secret data, which leaves the cache with nothing secret to reveal. GoFetch undermines this guarantee because the DMP makes the values held in memory, not just the addresses accessed, influence cache state; code that is constant-time by the conventional definition can still leak.
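The chosen-input attack sketched in the DMP paragraphs above, and the reason it defeats the constant-time discipline just described, in miniature. This is an added example written for this page; it is not code from the original article or from the GoFetch researchers. It contains a toy software model of a DMP that scans each loaded cache line for pointer-looking values and prefetches them, a victim that uses a textbook branchless constant-time select yet still leaks, an attacker that recovers a secret byte bit by bit with flush-then-probe, and a blinded variant of the victim that masks the stored intermediate so the attacker gets no signal. The address range treated as "pointers", the cache model, the victim buffer address, the probe value and the blinding generator are all constructed assumptions for this simulation; the real prefetcher's selection rules are different and undocumented.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* ---- Toy model of a data memory-dependent prefetcher (constructed, not Apple's design) ---- */
#define LINE_SIZE 64
#define WORDS_PER_LINE (LINE_SIZE / 8)
#define PTR_LO 0x100000000ULL          /* assumption: values in [PTR_LO, PTR_HI) "look like" pointers */
#define PTR_HI 0x200000000ULL
#define MAX_LINES 256
#define VICTIM_BUF_ADDR 0x7000ULL      /* simulated address of the victim's buffer */

static uint64_t cached[MAX_LINES];     /* line numbers currently in the simulated cache */
static int n_cached;

static void cache_flush(void) { n_cached = 0; }

static bool cache_has(uint64_t addr) {
    for (int i = 0; i < n_cached; i++)
        if (cached[i] == addr / LINE_SIZE) return true;
    return false;
}

static void cache_fill(uint64_t addr) {
    if (!cache_has(addr) && n_cached < MAX_LINES) cached[n_cached++] = addr / LINE_SIZE;
}

/* A load through the DMP: the line comes in, then the prefetcher scans every
   8-byte word of it and fetches anything in the pointer range, whether or not
   the program will ever dereference that value. */
static uint64_t dmp_load(uint64_t line_addr, const uint64_t *line, int idx) {
    cache_fill(line_addr);
    for (int i = 0; i < WORDS_PER_LINE; i++)
        if (line[i] >= PTR_LO && line[i] < PTR_HI) cache_fill(line[i]);
    return line[idx];
}

/* ---- Victim: textbook constant-time code ---- */
static uint64_t victim_buf[WORDS_PER_LINE];

/* Branchless select: no secret-dependent control flow, no secret-dependent address. */
static uint64_t ct_select(uint64_t bit, uint64_t a, uint64_t b) {
    uint64_t mask = 0 - (bit & 1);   /* all ones when bit == 1, zero otherwise */
    return (a & mask) | (b & ~mask);
}

/* Mixes a secret bit with attacker-chosen input, stores the intermediate and
   reloads it, as a crypto routine does with its working values. */
static void victim_step(uint8_t secret_bit, uint64_t attacker_input) {
    memset(victim_buf, 0, sizeof victim_buf);
    victim_buf[3] = ct_select(secret_bit, attacker_input, 0x1234);
    (void)dmp_load(VICTIM_BUF_ADDR, victim_buf, 3);
}

/* Same routine with a blinding mask on the stored intermediate: what sits in
   memory is uniformly random, so it almost never falls in the pointer range. */
static uint64_t rng = 0x9E3779B97F4A7C15ULL;   /* xorshift64, fixed seed for reproducibility */
static uint64_t rng_next(void) { rng ^= rng << 13; rng ^= rng >> 7; rng ^= rng << 17; return rng; }

static void victim_step_blinded(uint8_t secret_bit, uint64_t attacker_input) {
    uint64_t mask = rng_next();
    memset(victim_buf, 0, sizeof victim_buf);
    victim_buf[3] = ct_select(secret_bit, attacker_input, 0x1234) ^ mask;
    (void)(dmp_load(VICTIM_BUF_ADDR, victim_buf, 3) ^ mask);   /* unmask only on use */
}

/* ---- Attacker: chosen input, then flush-and-probe ---- */
typedef void (*victim_fn)(uint8_t, uint64_t);
#define PROBE 0x180000000ULL   /* pointer-looking input whose target line the attacker can probe */

static int recover_bit(victim_fn v, uint8_t secret_bit) {
    cache_flush();
    v(secret_bit, PROBE);             /* intermediate == PROBE exactly when the secret bit is 1 */
    return cache_has(PROBE) ? 1 : 0;  /* the DMP pulled *PROBE into cache, so the bit was 1 */
}

static uint8_t recover_byte(victim_fn v, uint8_t secret) {
    uint8_t out = 0;
    for (int i = 0; i < 8; i++)
        out |= (uint8_t)(recover_bit(v, (secret >> i) & 1) << i);
    return out;
}

int main(void) {
    uint8_t secret = 0xA5;
    printf("secret 0x%02x, recovered via DMP: 0x%02x, with blinding: 0x%02x\n",
           secret, recover_byte(victim_step, secret), recover_byte(victim_step_blinded, secret));
    return 0;
}
```

The victim never branches on the secret and never indexes memory with it, so a conventional constant-time audit passes; the leak comes entirely from the prefetcher treating the stored value as an address. The blinded variant recovers nothing because the value in memory is independent of the secret, which is the idea behind the blinding-style mitigations the article mentions, along with their cost: every intermediate has to be masked and unmasked.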

For now, the best protection against GoFetch is to keep untrusted code off the vulnerable machine, since the attack needs a process running locally: keep hardware, systems, and software up to date, and be cautious about installing software from untrusted sources or clicking links in phishing emails. As Apple works on addressing this issue, users should remain vigilant and take the necessary precautions to safeguard their devices and sensitive data.
