GadgetBond

  • Latest
  • How-to
  • Tech
    • AI
    • Amazon
    • Apple
    • CES
    • Computing
    • Creators
    • Google
    • Meta
    • Microsoft
    • Mobile
    • Samsung
    • Security
    • Xbox
  • Transportation
    • Audi
    • BMW
    • Cadillac
    • E-Bike
    • Ferrari
    • Ford
    • Honda Prelude
    • Lamborghini
    • McLaren W1
    • Mercedes
    • Porsche
    • Rivian
    • Tesla
  • Culture
    • Apple TV
    • Disney
    • Gaming
    • Hulu
    • Marvel
    • HBO Max
    • Netflix
    • Paramount
    • SHOWTIME
    • Star Wars
    • Streaming
Add GadgetBond as a preferred source to see more of our stories on Google.
Font ResizerAa
GadgetBondGadgetBond
  • Latest
  • Tech
  • AI
  • Deals
  • How-to
  • Apps
  • Mobile
  • Gaming
  • Streaming
  • Transportation
Search
  • Latest
  • Deals
  • How-to
  • Tech
    • Amazon
    • Apple
    • CES
    • Computing
    • Creators
    • Google
    • Meta
    • Microsoft
    • Mobile
    • Samsung
    • Security
    • Xbox
  • AI
    • Anthropic
    • ChatGPT
    • ChatGPT Atlas
    • Gemini AI (formerly Bard)
    • Google DeepMind
    • Grok AI
    • Meta AI
    • Microsoft Copilot
    • OpenAI
    • Perplexity
    • xAI
  • Transportation
    • Audi
    • BMW
    • Cadillac
    • E-Bike
    • Ferrari
    • Ford
    • Honda Prelude
    • Lamborghini
    • McLaren W1
    • Mercedes
    • Porsche
    • Rivian
    • Tesla
  • Culture
    • Apple TV
    • Disney
    • Gaming
    • Hulu
    • Marvel
    • HBO Max
    • Netflix
    • Paramount
    • SHOWTIME
    • Star Wars
    • Streaming
Follow US
AppleComputingMacTech

New “GoFetch” flaw breaks encryption on Apple’s M1, M2, M3 chips

Apple has a big problem: "GoFetch" is an unfixable flaw in M1, M2, and M3 silicon that allows extracting crypto keys, cracking encryption. The only available mitigations are software-based.

By
Shubham Sawarkar
Shubham Sawarkar's avatar
ByShubham Sawarkar
Editor-in-Chief
I’m a tech enthusiast who loves exploring gadgets, trends, and innovations. With certifications in CISCO Routing & Switching and Windows Server Administration, I bring a sharp...
Follow:
- Editor-in-Chief
Mar 22, 2024, 6:34 AM EDT
Share
We may get a commission from retail offers. Learn more
New "GoFetch" flaw breaks encryption on Apple's M1, M2, M3 chips
Photo by David Paul Morris/Bloomberg via Getty Images
SHARE

A team of researchers has uncovered a critical security vulnerability that affects Apple‘s custom M1, M2, and M3 processors, allowing malicious software to extract cryptographic keys and other sensitive information from the chip’s cache. Dubbed the “GoFetch” vulnerability, the flaw exploits a design oversight in Apple Silicon’s state-of-the-art data memory-dependent prefetcher (DMP), a cutting-edge feature shared with Intel’s latest Raptor Lake CPUs.

The DMP is designed to improve performance by intelligently loading data into the CPU’s cache before it is needed, leveraging advanced prediction algorithms. However, the researchers discovered that the prefetcher could be tricked into loading sensitive cryptographic key material into the cache, where it becomes vulnerable to theft by an attacker’s code.

At the heart of the issue is the DMP’s ability to fetch data based on pointer values, which are often used to access other memory locations. In a critical oversight, the prefetcher can sometimes confuse these pointers with the actual data they point to, resulting in the unintended loading of sensitive information into the cache.

This vulnerability completely undermines the security guarantees provided by constant-time programming, a widely used technique for mitigating side-channel attacks on encryption algorithms. By exploiting GoFetch, malicious applications can effectively bypass these protections, gaining access to even the strongest encryption keys, including those designed to withstand attacks from future quantum computers.

The implications of this flaw are far-reaching, as it affects a wide range of encryption algorithms and protocols used to secure everything from online communications to financial transactions and government secrets.

Disturbingly, the GoFetch vulnerability is baked into the silicon of Apple’s M-series chips, making it impossible to fully patch at the hardware level. The only recourse for Apple and its software partners is to implement software-based mitigations, which will inevitably come at the cost of reduced performance for encryption and decryption operations.

One potential workaround is to restrict encryption tasks to the M-series chips’ energy-efficient E-cores, which lack the vulnerable DMP. However, this approach also carries a significant performance penalty, as the E-cores are less powerful than the main performance cores.

Apple has reportedly incorporated a “switch” in the M3 chip to disable the DMP, but the performance impact of this mitigation remains unknown. It’s possible that turning off the prefetcher could result in performance losses on par with software-based mitigations.

Interestingly, Intel’s Raptor Lake CPUs, which share the same DMP design as Apple Silicon, do not appear to be affected by the GoFetch vulnerability. The reasons for this discrepancy are unclear, but it suggests that the flaw can be addressed at the hardware level, potentially in future iterations of Apple’s M-series chips.

For now, Apple has not provided any timeline for an official fix, but given the severity of the vulnerability, a patch or mitigation is expected within the year.

The GoFetch vulnerability was discovered by a team of researchers from several prestigious institutions, including the University of Illinois Urbana-Champaign, the University of Texas at Austin, the Georgia Institute of Technology, the University of California, Berkeley, the University of Washington, and Carnegie Mellon University.


Discover more from GadgetBond

Subscribe to get the latest posts sent to your email.

Topic:Apple M1Apple M1 MaxApple M1 ProApple M1 UltraApple M2Apple M2 MaxApple M2 ProApple M2 UltraApple M3 chipApple M3 Max chipApple M3 Pro chipApple silicon
Most Popular

OpenAI rolls out ChatGPT for PowerPoint worldwide

How to watch the new Ghost in the Shell anime series

The Windows 11 taskbar is shrinking down and moving around

Xbox initiates massive restructuring: 1,600 roles cut

Beats launches heavy-duty ‘Power Pink’ cords starting at $19

Also Read
Side profile view of an ultra-thin Apple iPhone Air being held between fingers, showcasing its remarkably slim design with visible volume and power buttons along the metallic edge against a clean white background.

Leaker claims iPhone Air 2 will feature a significantly larger battery

Apple logo in Apple Store in Hong Kong

The physics of photography are catching up to the iPhone 18 Pro

Nothing Ear (3a)

Nothing Ear (3a) debuts with built-in audio recording for $99

Nothing Phone (4b)

Nothing officially unveils the Phone (4b) with enhanced Glyph Interface

Windows 11 logo with white Windows icon and ‘Windows 11’ text on a solid blue background.

How Windows 11 uses the cloud to save dead computers

Windows Recovery Environment (WinRE) Troubleshoot screen displaying recovery options, including Point-in-time restore, Reset this PC, Advanced options, and Cloud rebuild. The Cloud rebuild option is highlighted, indicating the feature to reinstall Windows from the cloud, removing all apps, settings, and personal files.

Microsoft adds direct-from-cloud OS recovery to Windows 11

Abstract blue gradient background featuring a centered rounded-square icon with a minimalist blue audio waveform symbol, representing a real-time voice or audio AI interface.

Faster, smarter, still mini: the new GPT-Realtime-2.1

“Guilty Creatures” book cover artwork and Julia Garner’s headshot

Apple TV announces ‘Guilty Creatures’ adaptation with all-star creative team

Company Info
  • Homepage
  • Support my work
  • Latest stories
  • Company updates
  • GDB Recommends
  • Daily newsletters
  • About us
  • Contact us
  • Write for us
  • Editorial guidelines
Legal
  • Privacy Policy
  • Cookies Policy
  • Terms & Conditions
  • DMCA
  • Disclaimer
  • Accessibility Policy
  • Security Policy
  • Do Not Sell or Share My Personal Information
Socials
Follow US

Disclosure: We love the products we feature and hope you’ll love them too. If you purchase through a link on our site, we may receive compensation at no additional cost to you. Read our ethics statement. Please note that pricing and availability are subject to change.

Copyright © 2026 GadgetBond. All Rights Reserved. Use of this site constitutes acceptance of our Terms of Use and Privacy Policy | Do Not Sell/Share My Personal Information.