forum thread Posted by gymtimidator • Sep 3, 2024
Sep 3, 2024 7:07 PM
Item 1 of 2
Item 1 of 2
forum thread Posted by gymtimidator • Sep 3, 2024
Sep 3, 2024 7:07 PM
Apple 2024 MacBook Air 13-inch Laptop with M3 chip, 13.6-inch Liquid Retina Display, 8GB Unified Memory, 256GB SSD Storage, Backlit Keyboard, Touch ID; Midnight $899
$900
$1,100
18% offAmazon
Get Deal at AmazonGood Deal
Bad Deal
Save
Share
6 Comments
Sign up for a Slickdeals account to remove this ad.
### **What is the GoFetch Vulnerability?**
- **Nature of the Flaw:** GoFetch is a side-channel attack that targets the DMP in Apple's M-series chips. The DMP is supposed to speed up processing by guessing which data will be needed next and loading it into the CPU cache. However, this feature can be manipulated to leak sensitive information, such as cryptographic keys, by confusing the system into treating data as memory addresses[1][2].
- **Impact:** The vulnerability allows attackers to extract secret keys used in encryption, which could potentially compromise data security. This is particularly problematic for cryptographic operations that rely on constant-time programming, a method designed to prevent timing attacks by ensuring operations take the same amount of time regardless of the input[1][3].
- **Mitigation Challenges:** Since the flaw is embedded in the chip's architecture, it cannot be fixed with a software update. Potential workarounds, like using more secure cryptographic software or disabling the DMP, can significantly impact performance, especially on older M1 and M2 chips[4][5].
### **Explain Like I'm 5 (ELI5)**
Imagine your computer is like a house, and the M-series chip is a super-smart butler who tries to guess what you need next and gets it ready for you. This butler sometimes makes mistakes and leaves important things, like your diary, out in the open. A sneaky thief can then peek at your diary without you knowing. To fix this, you would need a new kind of butler who doesn't make these mistakes, but you can't change the butler you already have.
Citations:
[1] A vulnerability in Apple M-series chips could expose encryption keys and harm performance — and the flaw is 'unpatchable' https://www.itpro.com/security/a-...npatchable
[2] "Unpatchable" flaw in Apple M1/M2/M3 chips: GoFetch is the new ... https://www.intego.com/mac-securi...w-spectre/
[3] Security Vulnerability in Apple's M-Series Chips Puts Mac Users' Crypto Private Keys at Risk https://www.insanelymac
[4] The major hardware flaw in Apple M-series chips https://securityintelli
[5] There's a vulnerability in Apple's Mac chips–and the fix might be as ... https://www.macworld.co
[6] New GoFetch Vulnerability in Apple's M Chips Allows Secret Keys Leak on Compromised Computers https://www.techrepubli
[7] Unpatchable vulnerability in Apple chip leaks secret encryption keys https://arstechnica.com/security/...mac-chips/
[8] Unpatchable vulnerability discovered in Apple M1, M2 and M3 chips — what you need to know https://www.tomsguide.c
Window ARM $800 for 16/1TB since 2024
Windows x86 $400 for 16/512 since 2020
Window ARM $800 for 16/1TB since 2024
Windows x86 $400 for 16/512 since 2020
a smartphone with a 50 megapixel camera for $400
a mirrorless camera with a 24 megapixel sensor for $3000
Can you guess which one will get better pictures?