Click to Skip Ad
Closing in...

M1 Mac and newer models have an unpatchable vulnerability

Published Mar 22nd, 2024 11:23AM EDT
Apple MacBook Pro 2021 Closed
Image: Christian de Looper for BGR

If you buy through a BGR link, we may earn an affiliate commission, helping support our expert product labs.

A new vulnerability was found on M1 Mac and newer models that allow hackers to extract encryption keys. This issue is unpatchable, which means every Mac user could be compromised, but it doesn’t mean you should freak out.

As first reported by Ars Technica, an academic research paper highlights this unpatchable vulnerability that can extract encryption keys from M1 Mac and newer models.

The researcher named this vulnerability GoFetch, a “microarchitectural side-channel attack that can extract secret keys from constant-time cryptographic implementations via data memory-dependent prefetchers (DMPs).”

They have found this issue with M1 Mac devices but found that M2 and M3 CPUs also exhibit “similar exploitable DMP behavior.” They have not tested with other chip variants, such as M1 Max, M2 Pro, etc., but the researchers hypothesize that they’re likely to be exploited as well.

How can you protect your M1 Mac against this attack?

M2 Mac miniImage source: Christian de Looper for BGR

The researchers say that the best way to protect yourself is by constantly updating your Mac to the latest version of macOS. For developers of cryptographic libraries, they can either set the DOIT bit and DIT bit bits, which disable the DMP on some CPUs, such as M3 processors.

Still, the best way to avoid this attack is by preventing others from physically accessing your M1 Mac computer: “Preventing attackers from measuring DMP activation in the first place, for example, by avoiding hardware sharing, can further enhance the security of cryptographic protocols.”

Besides that, there isn’t much more you should do. The researchers warned Apple on December 5, 2023. Although the company hasn’t addressed any public comment on this issue, it’s possible that feature chips – or even software updates could patch this vulnerability.

You can learn more about this issue here.

José Adorno Tech News Reporter

José is a Tech News Reporter at BGR. He has previously covered Apple and iPhone news for 9to5Mac, and was a producer and web editor for Latin America broadcaster TV Globo. He is based out of Brazil.