Month: March 2024

Enlarge (credit: Aurich Lawson | Apple)

A newly discovered vulnerability baked into Apple’s M-series of chips allows attackers to extract secret keys from Macs when they perform widely used cryptographic operations, academic researchers have revealed in a paper published Thursday.

The flaw—a side channel allowing end-to-end key extractions when Apple chips run implementations of widely used cryptographic protocols—can’t be patched directly because it stems from the microarchitectural design of the silicon itself. Instead, it can only be mitigated by building defenses into third-party cryptographic software that could drastically degrade M-series performance when executing cryptographic operations, particularly on the earlier M1 and M2 generations. The vulnerability can be exploited when the targeted cryptographic operation and the malicious application with normal user system privileges run on the same CPU cluster.

Beware of hardware optimizations

The threat resides in the chips’ data memory-dependent prefetcher, a hardware optimization that predicts the memory addresses of data that running code is likely to access in the near future. By loading the contents into the CPU cache before it’s actually needed, the DMP, as the feature is abbreviated, reduces latency between the main memory and the CPU, a common bottleneck in modern computing. DMPs are a relatively new phenomenon found only in M-series chips and Intel's 13th-generation Raptor Lake microarchitecture, although older forms of prefetchers have been common for years.

Enlarge / Within minutes of Thursday's scrub, technicians were on the pad in Baikonur with the fully fueled rocket. (credit: NASA TV)

On Thursday a crew of three people was due to launch on a Soyuz rocket, bound for the International Space Station.

However, the launch scrubbed at about 20 seconds before the planned liftoff time, just before the sequence to ignite the rocket's engines was initiated, due to unspecified issues. Shortly after the abort, there were unconfirmed reports of an issue with the ground systems supporting the Soyuz rocket.

The three people inside the Soyuz spacecraft, on top of the rocket, were NASA astronaut Tracy C. Dyson, Roscosmos cosmonaut Oleg Novitskiy, and spaceflight participant Marina Vasilevskaya of Belarus. This Soyuz MS-25 mission had been planned for a liftoff from the Baikonur Cosmodrome, in Kazakhstan, at 13:21 UTC (6:21 pm local time in Baikonur).