Never. It's not remote and requires them to have access to your computer. This is a terrible article as usual.so when will the class action or recall be so can we trade in our M1’s for an M3?
Never. It's not remote and requires them to have access to your computer. This is a terrible article as usual.so when will the class action or recall be so can we trade in our M1’s for an M3?
Not really. This has nothing to do with sideloading.Coming soon to the iPhone, thanks to sideloading and alternative marketplaces.
You're only half-correctThe headline is way too sensationalist. First of all, to get the key the exploit would need to run for several hours on the same CPU cluster. Second, the exploit cannot guess keys from the Secure Enclave. Third, the exploit needs to have access to the source code of the cryptographic algorithm.
So, yes, while this is a potential vulnerability, it’s utility as exploit is extremely low in practice and it is not relevant to the core of actually important cryptography on your computer.
Yes, they should. Apple has something similar with the M3 series processors. From the researchers' website: "Can the DMP be disabled?" "Yes, but only on some processors. We observe that the DIT bit set on m3 CPUs effectively disables the DMP. This is not the case for the m1 and m2. Also, Intel's counterpart, DOIT bit, can be used to disable DMP on the Raptor Lake processors."Intel seems to have included some measures to prevent attacks like this, but I am not sure if these measures protect against this attack.
Data Dependent Prefetcher
Some newer Intel processors support a new hardware prefetcher feature classified as a Data-Dependent Prefetcher (DDP) which exhibits properties designed to restrict side channel attacks.www.intel.com
By the way, that documentation is from the end of 2022.
It was simpler. 🙂This is going to make me sound really, really old… which I am! 😁
I do miss the pre-internet days.
I would buy a Mac from my Mac shop… use it until it felt slowish. Then I might even just upgrade the RAM or storage myself. *gasp*
I lived and worked with no idea what the latest and greatest Mac was. What processor it was up to… etc etc.
Just blissful ignorance.
After 3-5 years I'd just but the latest Mac I could afford.
Life definitely was a lot simpler back then! 🙂
It's quite impossible to give estimates because there's not a "global patch" for this issue. So it's going to vary software by software. Also the "patch" is being performed differently on M1, M2 and M3.Are there any estimates how much this predictive pointer dereferencing, or whatever it is, gives in speed advantage (i.e. how much slower Macs will become without it)?
On another note, the whole Apple Silicon move seems to have been unwarranted. Intel and AMD are making large strides in power efficiency and even without the inevitable slowdown from patching this vulnerability, there have been no enticing improvements since the M1.
Uh... This can be performed even through the software available in the Apple's app store. All it takes is security hole in such software which you can exploit to run your custom code.
EU 3rd party stores has nothing to do with this thing. Also 3rd party stores are optional thing. It's your responsibility what you install anyway.
…particularly on the earlier M1 and M2 chips. The DMP on the M3, Apple's latest chipchip, has a special bit that developers can invoke to disable it…
This happens from time to time! People are trying to spread propoganda and tear down the big tech giants ( Apple, NVIDIA, Tesla, Microsoft, Amazon, Google) and act like they are the Devil Incarnate! I think it might have to do with AI! Some people are scared out of their minds because of AI and they will try to do anything to topple the tech giants!Apple's bad week.
That's not true. This exploit extends the possibilities beyond the privileges the insecure exploited app runs with. If you exploit some insecure app prior this exploit you had user privileges (and fairly limited on top of that, because macOS separates privileges to user folders, user settings etc.). With this exploit you're able to extract private keys (secret information) which should be only possible with admin privileges. And now you can do that via unfixable HW exploit without additional PrivEsc exploit (PrivEsc exploit is pretty rare).Any security hole in any application can exploit the user and potentially run custom code, not just this one. This exploit is no more/less threatening if an app is not written secure to begin with.
Will use? MacOS allows 3rd party software normally just today and it's not a big deal. MacBook would be pretty unusable for many users if it would be limited just to the App Store apps. Even completely fine Steam is 3rd party app which needs to be downloaded outside of Apple's app store. Same goes for LibreOffice and other quite essential software (for many people).As for being the user responsibility, I agree, but that doesn't change the fact that droves of users will use 3rd party assuming they are safe, then blame Apple/Google for the malicious code they download.
Apple's App Store does not have any code review. You submit binaries to the Apple. Not the source code. But yes I agree it will have less rules for better or worse. It's double-edged sword. I prefer freedom on my device, it's my responsibility to choose which software I download and install.3rd party store have far less code review and less stringent established rules (compared to Apple and dare say Google). As a dev I can get FAR more nefarious code on your device via other stores than I can through Apple.
"a large number of users" sneaky. So you admit that Apple does have security issues that harm some users? So what is that magic number 100, 1000, 10000, millions?Please, give some examples where dropped the ball on security in ways that it harmed a large number of users.
It should affect everything using those chips. Probably the A14/A15 as well, since M1/M2 are based on them. A16/17 looks safe.Does it only affect M1 and M2 powered Macs, or iPads as well?
I don't know...I'm not sure Daystrom is playing with a full SSD.This can be fixed by upgrading to M5.
My dude, this is a problem on macs, where you’ve always been able to run whatever you want. Not everything needs a libertarian screaming about EU regs being some form of conspiracy to pwn your devices 🙄"Requires an attacker process to be running on your machine..." Looking at the EU demands and the push to allow 3rd party stores, side loading applications, etc....