...
...
Haider Jamal

March 23, 2024

Hackers Can Access Cryptographic Private Keys Of Mac Users

Apple recently encountered a critical vulnerability enabling the extraction of sensitive data. Numerous concerns were raised following the discovery of a potentially catastrophic flaw in the Apple M-series chips, which could apparently allow hackers to obtain the cryptographic private keys of Mac users. Without a direct solution, researchers propose an alternative approach, which could severely impact performance.

 

Vulnerability In M-Series Chips Enables Key Retrieval

The identified vulnerability operates as a side channel, facilitating the retrieval of end-to-end keys during the execution of common cryptographic protocols on Apple chips. Due to its microarchitectural nature, direct patching is not feasible, unlike conventional vulnerabilities.

Instead, the report suggests integrating defenses into third-party cryptographic software as a solution. However, this method might significantly impact the performance of M-series chips during cryptographic tasks, particularly noticeable in earlier generations like M1 and M2.

The researchers further explain that the vulnerability is exploited when both the targeted cryptographic operation and a malicious application, operating with standard user system privileges, are processed on the same CPU cluster.

The key insight is that while the DMP only dereferences pointers, an attacker can craft program inputs so that when those inputs mix with cryptographic secrets, the resulting intermediate state can be engineered to look like a pointer if and only if the secret satisfies an attacker-chosen predicate.

 

The GoFetch Exploit

The latest research reveals an overlooked issue concerning DMPs within Apple silicon. In specific scenarios, these DMPs misinterpret memory content, including critical key material, as the pointer value used for loading other data. Consequently, the DMP frequently accesses and interprets this data as an address, leading to memory access attempts, as explained by the team of researchers.

This process, termed dereferencing of pointers, involves reading data and inadvertently leaking it through a side channel, representing a clear breach of the constant-time paradigm. The researchers identify the exploit as GoFetch, operating under the same user privileges as most third-party applications, targeting vulnerabilities in clusters of M-series chips. It affects both classical and quantum-resistant encryption algorithms, with extraction times varying between minutes to hours depending on the key size.

 

Press Release

Top News

cw-icon 12 hours ago
Eminem Gets Involved With Crypto Through New Ad
cw-icon 1 day ago
ConsenSys Fights Back Against The SEC And Initiates Legal Action
cw-icon 1 day ago
Popular Crypto Influencer Sentenced To Seven Years In Prison
cw-icon 2 days ago
Solana Community Looks Forward To Much Needed Update
cw-icon 2 days ago
Bitcoin Makes History By Becoming The Scarcest Asset In The World
cw-icon 3 days ago
HBAR Skyrockets After BlackRock Successfully Tokenizes MMF On Hedera
cw-icon 3 days ago
Jack Dorsey Will Tap Into Africa For New Bitcoin Mining Initiative
cw-icon 4 days ago
12 Solana Meme Coin Projects Listed As Scams By ZachXBT
cw-icon 4 days ago
Drama At The SEC As Two Lawyers Accused Of Cheating In Crypto Case
cw-icon 5 days ago
Crypto Community Highly Concerned About Section 702 Renewal
cw-icon 5 days ago
Adidas Remains Committed To NFTs Despite Lack Of Institutional Interest
cw-icon 5 days ago
Web3 Fundraising Deals - April 16th To April 22nd, 2024
cw-icon 6 days ago
Bitcoin Stabilizes Post-Halving As Geopolitical Tensions Intensify
cw-icon 7 days ago
The 2024 Bitcoin Halving Has Successfully Been Completed
cw-icon 8 days ago
Everything You Need To Know About World Chain
cw-icon 8 days ago
Ethereum TPS Charts Have A New Leader In Degen Chain
cw-icon 9 days ago
New AML And CFT Policies Supported By Senator Elizabeth Warren
cw-icon 9 days ago
Two NFT Games Offloaded As Yuga Labs Aims To Liberate BAYC Team
cw-icon 10 days ago
Klickl Obtains FSP In Abu Dhabi As The UAE Looks Toward The Future
cw-icon 10 days ago
New Meme Coin Bursts Onto The Scene As DRDOGE Skyrockets In Value
cw-icon 11 days ago
Everything You Need To Know About The 2024 Bitcoin Halving
cw-icon 11 days ago
Top Tax Experts Provide Valuable Advice For Cryptocurrency Holders
cw-icon 12 days ago
Web3 Fundraising Deals - 10th April To 15th April, 2024
cw-icon 12 days ago
Crypto Becomes Increasingly Popular As Brazilian UFC Fighter Promotes Bitcoin
cw-icon 12 days ago
Yomi Provides Insight Into DOGE Golden Cross As SHIB Whale Activity Surges
cw-icon 13 days ago
Bitcoin Undergoes Price Correction As International Conflict Escalates
cw-icon 14 days ago
Hong Kong SFC To Approve Bitcoin And Ethereum Spot ETF Applications
cw-icon 15 days ago
Popular Crypto Analyst Offers Insight Into The Upcoming Halving Event
cw-icon 15 days ago
New LONDON Token Proposed By Mayoral Candidate Brian Rose
cw-icon 16 days ago
Solana Drama Continues As MarginFi Leader Resigns
cw-icon 16 days ago
Uniswap Could Be Sued By The United States SEC Soon
cw-icon 17 days ago
Binance Gets Banned In The Philippines As Local Users Granted Grace Period
cw-icon 18 days ago
Spot BTC ETFs Being Chased By Chinese Equity Funds Via Hong Kong
cw-icon 18 days ago
Critics Lambast Cardano But Charles Hoskinson Remains Optimistic
cw-icon 18 days ago
Fundraising Deals - April 2nd To April 9th, 2024
cw-icon 19 days ago
Roman Storm Receives Support By Three Crypto Advocacy Entities
cw-icon 19 days ago
El Salvador Looks To Offer Citizenship To Highly Skilled Professionals
cw-icon 20 days ago
Bitcoin Hovers Around $70K As Decreasing Inflation Makes Everyone Cautious
cw-icon 21 days ago
US Law Enforcement Is Reportedly Harassing ZachXBT
cw-icon 22 days ago
PayPal Users Can Utilize PYUSD For International Payments And Transfers
cw-icon 22 days ago
SushiSwap Drama Unfolds As Team Receives Several Accusations
cw-icon 23 days ago
Binance Executive Remains Detained In Nigeria Despite Efforts To Get Him Out
cw-icon 23 days ago
Cardano Being Considered To Help With Enhancement Of Voting Processes
cw-icon 24 days ago
Avalanche Dominates GDC 2024 As Nearly 30K People Attend
cw-icon 24 days ago
Burkett Financial Services Reveals First BTC ETF Investment
cw-icon 25 days ago
Funding Deals - March 26th To April 1st, 2024
cw-icon 25 days ago
Telegram Introduces Toncoin As New Payment Option For Advertisers
cw-icon 25 days ago
Pepe Looks To Replace SHIB As Meteoric Rise Continues
cw-icon 26 days ago
Interest In NFTs Decreasing As OpenSea Experiences Reduced Sales Volume
cw-icon 26 days ago
Arthur Hayes Believes Meme Coins Can Bring Value To Blockchain Networks
Read more latest news

More From The News

...
News
London Stock Exchange Will Add Bitcoin And Ethereum ETNs In May

1 month ago March 26, 2024...

...
News
Fundraising Deals - 19th To 25th March 2024

1 month ago March 25, 2024...

Press Releases

...
Terra
Do Kwon Trial Begins Despite The Founder

1 month ago March 26, 2024

The civil fraud trial involving Ter... Read more

...
Payments
New Payment Limit For Crypto Wallets Scrapped

1 month ago March 25, 2024

The recent Anti-Money Laundering re... Read more

...
Goldman
Goldman Sachs Clients Look To Get Back

1 month ago March 25, 2024

Institutional clients served by the... Read more

...
Bitcoin
Bitcoin Undergoes Price Correction As International Economies

1 month ago March 24, 2024

A significant portion of the crypto... Read more

Join Our Newsletter

Get the latest trends and updates on our crypto community.

Home Crypto News Investor Zone Newsletters Funding Deals Awards & Lists

© Copyright 2024 CryptoWeekly