I'm prone to scattering words on paper

only to herd them and wrangle them into shape.

I muse and sample life. Sometimes, I give tips and spill the tea about techniques.

and sometimes... I'm just quiet.

Alert GoFetch Attack

Security Alert: GoFetch

March 23, 20242 min read

Well, it’s not just antitrust lawsuits spoiling Apple’s week.

A Mac encryption flaw’s been found by researchers! Here's what you need to know (without a lot of tech jargon)

There's a bit of a hitch with Apple's new M-series chips (M1, M2, and M3) in 2020 and later Macs. Security researchers discovered a weakness in the data memory-dependent prefetcher (DMP) that could potentially expose the secret codes used to scramble your data on your Mac.

Security Alert

Security experts have long known that classical prefetchers open a side channel that malicious processes can probe to obtain secret key material from cryptographic operations.

In response, cryptographic engineers have devised constant-time programming, an approach that ensures that all operations take the same amount of time to complete, but it can slow down processing.

Here's the non-techy breakdown:

  • Macs use special tools to predict what information you might need next, kind of like the suggestions for words when you text.

  • This makes Macs processing faster, but in this case, it backfires. The prediction tool can sometimes mix things up and grab secret info (like your encryption key) instead.

  • Hackers could potentially exploit this mix-up to steal your secret keys. This could mess with things that rely on strong encryption, like secure messaging or online banking.

The not-so-great news:

  • This weakness is built into the actual chip silicon itself, so Apple can't just fix it with a simple software update.

  • There's a new attack called "GoFetch" that can take advantage of this flaw, potentially allowing attackers to steal your encryption keys. 

The almost-good news:

  • Software developers can build in extra security features to protect your data, but this might slow down your Mac, especially on older M1 and M2 models.

What you can do:

  • Don’t panic.

  • Keep an eye out for updates to your Mac software, especially those that involve encryption. These updates might include the new security features mentioned above.

  • Since we're not sure exactly which programs are vulnerable yet, it's best to be cautious and assume they all might be at risk for now.

The bottom line:

There's a new security concern with Apple M-series chips, but Apple, security, and other software developers are working on ways to protect your data. Stay updated with your software and be cautious until a more permanent fix is available.


The Securista - Online Cybersecurity DefendHer for the Kickass Woman Entrepreneur

Ange "Gos" Payton

The Securista - Online Cybersecurity DefendHer for the Kickass Woman Entrepreneur

Back to Blog

Grimmley says Hello

“I'm a Catahoula Leopard Hound and I help my mom.”

START TO DREAM

Eatdrinkmultimedia.com - All Rights Reserved - Terms & Conditions