They find an unpatchable flaw in Macs with Apple silicon: what does it mean for our security?

A flaw, yes, but countered by the other protections of the system.

David Bernal Raspall


Recently, the discovery of a security flaw in Macs equipped with Apple silicon has made some headlines, perhaps overly alarmist ones. The flaw affects the M1, M2, and M3 alike and, as far as we know, it cannot be patched through a software update. But are we really at risk? The answer is mostly no. Let’s take a closer look.


First, the technical explanation

The issue at hand lies in a mechanism known as the Data Memory-dependent Prefetcher (DMP). DMPs are hardware optimizations that predict the memory addresses of data that the running code will likely need in the near future, loading them into the CPU cache before they are required. This function aims to reduce latency between the main memory (RAM) and the CPU, a common bottleneck in any computer system.

DMPs are implemented in Apple silicon chips, but the implementation contains an error that, as reported by Ars Technica, several security researchers have discovered. The researchers have created an application that serves as a proof of concept: GoFetch.

The app demonstrates the error, which lies in the fact that data stored in the chip is occasionally misidentified as a memory address and is therefore cached when it shouldn’t be. If a malicious application induces this error repeatedly, it could eventually work out the cryptographic key and access the data.

This happens because, unlike other prefetchers that only consider data addresses, DMPs also use data values to make predictions about what to load into the cache. If a data value appears to be a pointer, even if it is not, it will be treated as an address, causing the data from this incorrect “address” to be brought into the cache, revealing the information. According to the researchers, possible solutions to mitigate the risk would significantly compromise device performance.
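
A toy model of the behaviour described above, added here as an illustration and not taken from the GoFetch researchers or from Apple. The cache-line size, the address window that counts as "pointer-like" and all function names are assumptions; the point is that an address-only prefetcher leaves the same cache state whatever the data is, while a value-dependent one does not.

```python
LINE = 64                                   # bytes per cache line (toy value)
MAPPED = range(0x1000_0000, 0x1100_0000)    # assumed window of valid addresses

def next_line_prefetch(addr, value):
    """Classic prefetcher: decides from the accessed address only."""
    return [addr + LINE]

def dmp_prefetch(addr, value):
    """Value-dependent prefetcher: also follows data that looks like a pointer."""
    targets = [addr + LINE]
    if value in MAPPED:                     # assumption: pointer-like = inside MAPPED
        targets.append(value)
    return targets

def cache_footprint(memory, accesses, prefetcher):
    """Return the set of cache lines filled while the program reads `accesses`."""
    cached = set()
    for addr in accesses:
        value = memory.get(addr, 0)
        cached.add(addr // LINE)            # demand load of the requested line
        for target in prefetcher(addr, value):
            cached.add(target // LINE)      # line filled by the prefetcher
    return cached

def leaks_value(prefetcher, buf=0x1000_0000):
    """True if two runs with identical addresses but different data
    end with different cache contents (constructed sample data)."""
    plain = {buf: 0x2A2A}                   # ordinary data, outside MAPPED
    pointer_like = {buf: 0x1080_0040}       # data that happens to fall inside MAPPED
    return (cache_footprint(plain, [buf], prefetcher)
            != cache_footprint(pointer_like, [buf], prefetcher))

if __name__ == "__main__":
    print("address-only prefetcher leaks:", leaks_value(next_line_prefetch))
    print("value-dependent prefetcher leaks:", leaks_value(dmp_prefetch))
```

In the model, a program that reads the same addresses in both runs still ends up with a cache state that depends on what the data was, which is the property the article attributes to the DMP.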

Are we really at risk?

Despite the importance of the error, researchers point out that the actual risk for users is very low, as exploiting the vulnerability would require an attacker to deceive a user into installing a malicious application. Thus, we are our own best protection when we install applications only from the App Store or trusted sources.

In addition, a possible attack takes a considerable amount of time, ranging from 54 minutes to 10 hours according to the tests carried out, so the app must remain open during that time. Because the researchers reported the discovery to Apple, future M4 chips are expected to solve this issue. Meanwhile, without ruling out the possibility that Apple may find a solution that does not compromise performance, caution on our part will ensure the protection of our data.

It is not the first time that a chip performance optimization has caused a security problem. The best-known cases are undoubtedly Meltdown and Spectre, which affect Intel chips and were discovered a few years ago. In this sense, it is clear that security in digital environments does not rest on a single element but on a combination of several.

In this case, the need to install an app from an unverified source, something the system tries to prevent (although as users we can ignore its warning), is as important as the proper functioning of the chip and its processes. It is another reminder to follow good security practices in our daily lives.


However, the discovery of this bug once again highlights the need to defend our security at all times. Even when elements like the DMP play a role in it, as we move towards an increasingly digitized future, the need to protect our information becomes more critical. That being said, as long as we install our applications from the App Store or trusted developers, our Mac will remain as secure as the first day.

David Bernal Raspall


Architect | Founder of hanaringo.com | Apple Technologies Trainer | Writer at Softonic and iDoo_tech, formerly at Applesfera
