Mac M-series Bitcoiners Beware of this Unpatchable Flaw in the Chip Set
228 sats \ 1 comment \ @kepford 25 Mar bitcoin
If you use a newer Mac with one of those fancy M-series chips you should be aware.
A newly discovered vulnerability baked into Apple’s M-series of chips allows attackers to extract secret keys from Macs when they perform widely used cryptographic operations..
Unpatchable vulnerability in Apple chip leaks secret encryption keys
For a video explaining this issue in detail checkout https://youtu.be/-D1gf3omRnw?si=kLCDOE-dBXWwpgo2
The TLDR is that without root access a malicious application could extract secrets from your M-series Mac. This is not remote executable but a malicious app could do this or someone with access to your computer of course.
Something to pay attention to and be aware of. Be careful out there folks.
write
preview
related posts
0 sats \ 0 replies \ @cascdr 26 Mar
AI Generated Summary of Your Video: TLDR: The Apple M1, M2, and M3 chipsets have an unpatchable bug in their CPU design that allows for a side-channel cache-based memory attack, potentially leaking cryptographic keys.
  • Side-channel attacks exploit cache memory to reveal information about other processes.
  • The bug in Apple silicon allows an unprivileged process to read data from another process, potentially leaking cryptographic keys.
  • The vulnerability stems from the data memory dependent prefetchers in Apple silicon, which do not adhere to constant time programming.
  • The bug, known as "go fetch," showcases the ongoing battle between hackers exploiting cache side channels and CPU designers implementing constant time programming.
  • The bug highlights the intricate world of offensive security research and the complexity of CPU architecture vulnerabilities.
In conclusion, the Apple silicon bug sheds light on the evolving landscape of side-channel attacks and the challenges faced in securing CPU architectures. It underscores the importance of constant time programming and the ongoing efforts to mitigate cache-based vulnerabilities in modern computing systems.
reply