New chip flaw hits Apple Silicon and steals cryptographic keys from system cache — 'GoFetch' vulnerability attacks Apple M1, M2, M3 processors, can't be fixed in hardware

Apple Silicon is sad.

Researchers have discovered a massive security vulnerability inside Apple M1, M2, and M3 silicon. The vulnerability, dubbed 'GoFetch,' steals cryptographic information from the CPU cache, enabling an attacking program to reconstruct a cryptographic key from the stolen data and then access sensitive encrypted data. Ars Technica first reported on the security flaw.

GoFetch takes advantage of an overlooked security weakness in Apple silicon's state-of-the-art data memory-dependent prefetcher (DMP), a next-generation prefetcher found only in Apple silicon and Intel's Raptor Lake CPU architecture that loads memory contents into the cache before they are needed. The vulnerability stems from an overlooked behavior of the prefetcher: when a value in memory looks like a pointer, the DMP treats it as one and loads the data it points to into the CPU cache, even when that value is really key material rather than an address. In other words, the DMP will sometimes confuse memory content and load inappropriate data into the CPU cache.

The problem with this vulnerability is that it completely neutralizes the security benefit of constant-time programming, a side-channel mitigation technique used in encryption code to defeat prefetcher- and cache-related side-channel attacks. Constant-time code ensures that its memory accesses never depend on secret data, but the DMP acts on the secret-dependent values themselves, so that guarantee no longer holds. As a result, an attacking application using GoFetch can trick encryption software into putting sensitive data into the cache, where the attacking application can steal it.

This is a serious vulnerability that affects all kinds of encryption algorithms, including 2,048-bit keys that are hardened to fend off attacks from quantum computers. Unfortunately, there is no way to patch the vulnerability in silicon. The only way forward is software-based mitigations that will slow down encryption and decryption performance on the M1, M2, and M3. Technically, developers can force their encryption software to run only on the E-cores, which do not have this prefetcher; however, this comes at an obvious performance cost too.

The only exception is Apple's M3 silicon, which purportedly features a special "switch" that developers can turn on to disable the chip's data memory-dependent prefetcher. However, nobody knows yet how much performance will be lost if this optimization is turned off. For all we know, it could hinder performance just as much as the software mitigations.
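To make the mechanism described above concrete, here is a toy Python model (an added illustration, not code from the article or from the GoFetch researchers): a constant-time victim routine whose memory accesses never depend on the secret is run on a simulated core whose DMP dereferences any cached word that looks like a pointer, and the resident cache lines are compared for two secret values. The address layout, the pointer-range heuristic, the sample secret and input words, and the cache model are all invented for the simulation; the `dmp_enabled=False` run stands in for the E-core and disabled-DMP options mentioned above.

```python
LINE = 64                              # bytes per cache line (toy value)
PTR_LO, PTR_HI = 0x10000, 0x20000      # words in this range "look like pointers"
def line_of(addr):
    return addr // LINE

class Core:
    """Toy core: a set of resident cache lines plus an optional DMP."""
    def __init__(self, memory, dmp_enabled):
        self.memory = memory               # dict: address -> 8-byte word (int)
        self.dmp_enabled = dmp_enabled     # False models an E-core / DMP switched off
        self.cached = set()

    def load(self, addr):
        self.cached.add(line_of(addr))
        if self.dmp_enabled:
            self._dmp_scan(line_of(addr) * LINE)
        return self.memory.get(addr, 0)

    def store(self, addr, value):
        self.memory[addr] = value
        self.cached.add(line_of(addr))

    def _dmp_scan(self, base):
        # The DMP inspects each word of the line just loaded and prefetches the
        # line that any pointer-looking word points to, whatever the word really is.
        for a in range(base, base + LINE, 8):
            v = self.memory.get(a, 0)
            if PTR_LO <= v < PTR_HI:
                self.cached.add(line_of(v))

SEC_ADDR, IN_ADDR, OUT_ADDR = 0x1000, 0x1800, 0x2000   # invented layout

def ct_multiply(core):
    """Constant-time victim step: addresses touched never depend on the secret."""
    s = core.load(SEC_ADDR)
    x = core.load(IN_ADDR)
    core.store(OUT_ADDR, s * x)            # only the *value* depends on the secret
    return core.load(OUT_ADDR)             # later use of the product is what the DMP sees

def cache_footprint(secret_word, dmp_enabled, input_word=0x5560):
    """Lines resident after ct_multiply: what a cache-probing observer could see."""
    memory = {SEC_ADDR: secret_word, IN_ADDR: input_word}   # constructed sample values
    core = Core(memory, dmp_enabled)
    ct_multiply(core)
    return frozenset(core.cached)

if __name__ == "__main__":
    # 3 * 0x5560 = 0x10020 looks like a pointer; 2 * 0x5560 = 0xAAC0 does not.
    for dmp in (True, False):
        differs = cache_footprint(3, dmp) != cache_footprint(2, dmp)
        print(f"DMP {'on ' if dmp else 'off'}: footprint depends on the secret: {differs}")
```

With the DMP on, the two runs differ by exactly one line (the one the pointer-looking product points to) even though the victim touched identical addresses; with the DMP off, the footprints are identical.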

The interesting tidbit is that Intel's Raptor Lake CPU architecture (which includes both 13th and 14th Gen CPUs) doesn't have this vulnerability despite sharing the same prefetcher as Apple's M series chips. We don't know why this is the case, but it demonstrates that this vulnerability can be patched in silicon. However, that will only happen in future Apple M series architectures (e.g. the M4), once Apple's engineers have had time to redesign the CPU architecture to account for the recently discovered vulnerabilities.

Apple has yet to publish any release dates for an official fix, but given the severity of the issue, we suspect a fix will arrive within the year.

The researchers who published the information hail from the University of Illinois Urbana-Champaign; University of Texas at Austin; Georgia Institute of Technology; University of California, Berkeley; University of Washington; and Carnegie Mellon University.