Set as Homepage - Add to Favorites

【Horned Japanese Female College Student: Pleasure Share House】

Source:Miracle Information Network Editor:Science Time:2025-06-26 06:40:29

A new security vulnerability has been discovered in Apple's Mac and Horned Japanese Female College Student: Pleasure Share HouseMacBook computers – and the worst part is that it's unpatchable.

Academic researchers discoveredthe vulnerability, first reported by Ars Technica, which allows hackers to gain access to secret encryption keys on Apple computers with Apple's new Silicon M-Series chipset. This includes the M1, M2, and M3 Apple MacBook and Mac computer models.  

SEE ALSO: Bing vulnerability made it possible to alter search results

Basically, this vulnerability can be found in any new Apple computer released from late 2020 to today.

You May Also Like

What is the vulnerability?

The issue lies with prefetchers— components meant to predictively retrieve data before a request to increase processing speed — and the opening they leave for malicious attacks from bad actors.

The researchers have dubbed the attack "GoFetch," which they describe as "a microarchitectural side-channel attack that can extract secret keys from constant-time cryptographic implementations via data memory-dependent prefetchers (DMPs)." 

Mashable Light Speed Want more out-of-this world tech, space and science stories? Sign up for Mashable's weekly Light Speed newsletter. By clicking Sign Me Up, you confirm you are 16+ and agree to our Terms of Use and Privacy Policy. Thanks for signing up!

A side-channel attack is a type of cyber attack that uses extra information that's left vulnerable due to the design of a computer protocol or algorithm.

The researchers explained the issue in an email to Ars Technica:

Related Stories
  • Airbnb banned indoor security cameras. Here's why.
  • Hackers cause EA to postpone Apex Legends pro gamer tournament
  • iCloud wasn't hacked for ransom, but you should make sure to keep your account safe, anyway

Prefetchers usually look at addresses of accessed data (ignoring values of accessed data) and try to guess future addresses that might be useful. The DMP is different in this sense as in addition to addresses it also uses the data values in order to make predictions (predict addresses to go to and prefetch). In particular, if a data value "looks like" a pointer, it will be treated as an "address" (where in fact it's actually not!) and the data from this "address" will be brought to the cache. The arrival of this address into the cache is visible, leaking over cache side channels. 

Our attack exploits this fact. We cannot leak encryption keys directly, but what we can do is manipulate intermediate data inside the encryption algorithm to look like a pointer via a chosen input attack. The DMP then sees that the data value "looks like" an address, and brings the data from this "address" into the cache, which leaks the "address." We don’t care about the data value being prefetched, but the fact that the intermediate data looked like an address is visible via a cache channel and is sufficient to reveal the secret key over time.

Basically, the researchers discovered that the DMPs in Apple's Silicon chipsets – M1, M2 and, M3 – can give hackers access to sensitive information, like secret encryption keys. The DMPs can be weaponized to get around security found in cryptography apps, and they can do so quickly too. For example, the researchers were able to extract an 2048-bit RSA key in under one hour.

Usually, when a security flaw is discovered nowadays, a company can patch the issue with a software fix. However, the researchers say this one is unpatchable because the issue lies with the "microarchitectural" design of the chip. Furthermore, security measures taken to help mitigate the issue would require a serious degradation of the M-series chips' performance.

Researchers saythat they first brought their findings to Apple's attention on December 5, 2023. They waited 107 days before disclosing their research to the public. 

Topics Apple Cybersecurity MacBook

Previous:Best portable power station deal: Save $179.01 on the EcoFlow River 2 Max

Next:Skype is finally shutting down

Related Articles
Related Recommendations
Categories
Latest Articles
Popular Articles
Hot Recommendations
Featured Column

Quick Links

Can 'free speech' be 'moderated'? Yes.Why Captain America is (probably) a virginNew Yorkers rejoice no longer living in building with Trump's name on itMark Zuckerberg might not be untouchable after allBaby monkey finds a home on a bunch of goats, and yes it's very cuteDamian Lillard's ice cold victory stare is now a memeTrump gets ghosted by New Zealand PM because earthquakes will do that'Avengers: Endgame': When's the best time to take a bathroom break?Samsung delays the U.S. release of Galaxy Fold after screen problemsHillary Clinton in first speech since conceding says: 'Never, ever give up'Samsung delays the U.S. release of Galaxy Fold after screen problemsDavid Blaine freaks out Drake and Steph Curry in his new specialHillary Clinton in first speech since conceding says: 'Never, ever give up'Departing the U.S. from an airport? Your face will be scanned.Twitter responds to a dad's desperate plea to help his autistic sonOnePlus 7 Pro is coming on May 14Why we can't trust Bran or the ThreeChina, India would pick up America's clean energy slack under TrumpFacebook may soften political ad rules for EU electionTesla Model S and Model X ranges get big upgrades EEC fillings appear to confirm 6 new Apple Watch models Peter Kavinsky from Netflix's 'To All the Boys' is a perfect boyfriend Huge fire tornado revealed in new videos from California Brexit could make it harder for Irish women seeking abortions in UK OnePlus 6T might be sold exclusively at T Hillary Clinton sends off The Toast with a heartfelt note 10 Instagram posts that got people talking this week Watch a very cute dog husk some corn on the farm Peer pressure, false claims lead many women to remove pubic hair, study finds Australian election won by sausage outrage, Harambe and uncertainty These are the 10 best platforms for building a mobile app The world's first 'To All the Boys' is the romcom for girls who thought they'd die alone Kelly Marie Tran strikes back at haters in a powerful NY Times essay Your next Uber ride may come with an in No, you can't just text your last will and testament to someone, court rules Amazon ruined its video game pre 24 times 'To All the Boys I've Loved Before' was too cute to handle Tech IPOs, already rare, aren't about to start after Brexit Feds warn about drones after Venezuela attack

2.1568s , 10131.796875 kb

Copyright © 2025 Powered by 【Horned Japanese Female College Student: Pleasure Share House】,Miracle Information Network  

Sitemap

Top

Quick Links