Apple Silicon chip has been exposed to security vulnerabilities that can be mitigated but at the expense of performance

 According to news on March 22, security experts recently discovered a security vulnerability in Apple’s Apple Silicon chip, which can be exploited by hackers to steal user data. Experts said that although the vulnerability can be mitigated and fixed, it will seriously affect performance.

The vulnerability exists in the Data Memory-Dependent Prefetcher (DMP) and allows hackers to steal encryption keys and access user data.

DMP, also known as the indirect memory prefetcher, is located in the memory system and can predict the memory address of the data that the currently running code is most likely to access.

Hackers can use existing access patterns to predict the next data bit to be obtained, thereby affecting the data being prefetched and accessing the user's sensitive data. The researchers named this attack "GoFetch".

The researchers confirmed that a hacker could disguise the data as a pointer, trick the DMP into seeing it as an address location, and pull that data into the cache. This attack cannot crack the encryption key immediately, but it can eventually obtain the key through repeated attempts.

The GoFetch attack uses the same user permissions as many other third-party macOS applications and does not require root access, which lowers the barrier to actually running the attack.

The researchers' test application was able to extract a 2048-bit RSA key in less than an hour, and a 2048-bit Diffie-Hellman key in just over two hours.

The problem facing Apple is that because this vulnerability exists in the core part of the Apple Silicon chip, it cannot be completely repaired in the short term.

And any mitigation measures deployed by Apple will increase the amount of work required to perform the operation, thereby affecting performance.