A team of researchers has uncovered a critical security vulnerability that affects Apple‘s custom M1, M2, and M3 processors, allowing malicious software to extract cryptographic keys and other sensitive information from the chip’s cache. Dubbed the “GoFetch” vulnerability, the flaw exploits a design oversight in Apple Silicon’s state-of-the-art data memory-dependent prefetcher (DMP), a cutting-edge feature shared with Intel’s latest Raptor Lake CPUs.

The DMP is designed to improve performance by intelligently loading data into the CPU’s cache before it is needed, leveraging advanced prediction algorithms. However, the researchers discovered that the prefetcher could be tricked into loading sensitive cryptographic key material into the cache, where it becomes vulnerable to theft by an attacker’s code.

At the heart of the issue is the DMP’s ability to fetch data based on pointer values, which are often used to access other memory locations. In a critical oversight, the prefetcher can sometimes confuse these pointers with the actual data they point to, resulting in the unintended loading of sensitive information into the cache.

This vulnerability completely undermines the security guarantees provided by constant-time programming, a widely used technique for mitigating side-channel attacks on encryption algorithms. By exploiting GoFetch, malicious applications can effectively bypass these protections, gaining access to even the strongest encryption keys, including those designed to withstand attacks from future quantum computers.

The implications of this flaw are far-reaching, as it affects a wide range of encryption algorithms and protocols used to secure everything from online communications to financial transactions and government secrets.

Disturbingly, the GoFetch vulnerability is baked into the silicon of Apple’s M-series chips, making it impossible to fully patch at the hardware level. The only recourse for Apple and its software partners is to implement software-based mitigations, which will inevitably come at the cost of reduced performance for encryption and decryption operations.

One potential workaround is to restrict encryption tasks to the M-series chips’ energy-efficient E-cores, which lack the vulnerable DMP. However, this approach also carries a significant performance penalty, as the E-cores are less powerful than the main performance cores.

Apple has reportedly incorporated a “switch” in the M3 chip to disable the DMP, but the performance impact of this mitigation remains unknown. It’s possible that turning off the prefetcher could result in performance losses on par with software-based mitigations.

Interestingly, Intel’s Raptor Lake CPUs, which share the same DMP design as Apple Silicon, do not appear to be affected by the GoFetch vulnerability. The reasons for this discrepancy are unclear, but it suggests that the flaw can be addressed at the hardware level, potentially in future iterations of Apple’s M-series chips.

For now, Apple has not provided any timeline for an official fix, but given the severity of the vulnerability, a patch or mitigation is expected within the year.

The GoFetch vulnerability was discovered by a team of researchers from several prestigious institutions, including the University of Illinois Urbana-Champaign, the University of Texas at Austin, the Georgia Institute of Technology, the University of California, Berkeley, the University of Washington, and Carnegie Mellon University.