Irreparable vulnerability found in MacBooks with M1 and M2 chips

A new unpatched vulnerability has been discovered on MacBooks with M1 and M2 chips that could compromise user privacy, writes ArsTechnica.

A new study has found that the M1 and M2 chips contain a vulnerability called GoFetch. It allows attackers to obtain end-to-end encryption keys when cryptographic protocols are executed on the device.

In fact, this problem cannot be fixed directly, as it stems from the microarchitectural design of the chip itself.

The only way to fix this is to build protection into third-party cryptographic software, which can drastically degrade M-series performance when performing cryptographic operations on a MacBook.

The issue reportedly stems from a previously unknown DMP behavior that is memory-dependent in the data prefetch facility.

DMP is a cache prefetching tool that looks at the contents of the cache for possible pointer values and prefetches data in those locations into the cache if it sees memory access patterns that suggest that following those pointers would be useful.

Using this finding, attackers can access sensitive information on MacBooks without needing root access, just standard user privileges similar to those required by regular programs.

Apple has not yet commented on the situation.