
leman

macrumors Core
Oct 14, 2008
19,318
19,336
The headline is way too sensationalist. First of all, to get the key the exploit would need to run for several hours on the same CPU cluster. Second, the exploit cannot guess keys from the Secure Enclave. Third, the exploit needs to have access to the source code of the cryptographic algorithm.

So, yes, while this is a potential vulnerability, its utility as an exploit is extremely low in practice and it is not relevant to the core of actually important cryptography on your computer.
 

3530025

Cancelled
Jul 14, 2022
647
2,226
> The headline is way too sensationalist. First of all, to get the key the exploit would need to run for several hours on the same CPU cluster. Second, the exploit cannot guess keys from the Secure Enclave. Third, the exploit needs to have access to the source code of the cryptographic algorithm.
>
> So, yes, while this is a potential vulnerability, its utility as an exploit is extremely low in practice and it is not relevant to the core of actually important cryptography on your computer.
You're only half-correct
  • No, it does not need several hours. From the research paper: it takes as little as a few minutes.
  • Yes, it cannot get the keys from the Secure Enclave - but the majority of 3rd party software does not store private keys there. This exploit is able to extract the keys when they are in memory.
  • Well, RSA is the most used cryptographic algorithm and it's pretty well known. It's known that proprietary self-implemented cryptography algorithms are usually really bad. It's a bad idea to try to implement custom crypto. It never works well.
 

bigboy29

macrumors 6502
May 19, 2016
406
742
For those that are surprised by the presence of CPU vulnerabilities - I have news...


(I do not make excuses for Apple but - let's get real... hardware, just as software, can have vulnerabilities; it is a fact of life)
 

heinzdembowski

macrumors member
Oct 27, 2021
52
58
Are there any estimates of how much this predictive pointer dereferencing, or whatever it is, gives in speed advantage (i.e. how much slower Macs will become without it)?

On another note, the whole Apple Silicon move seems to have been unwarranted. Intel and AMD are making large strides in power efficiency and even without the inevitable slowdown from patching this vulnerability, there have been no enticing improvements since the M1.
 

neuropsychguy

macrumors 68020
Sep 29, 2008
2,452
5,908
> Intel seems to have included some measures to prevent attacks like this, but I am not sure if these measures protect against this attack.
>
> By the way, that documentation is from the end of 2022.
Yes, they should. Apple has something similar with the M3 series processors. From the researchers' website: "Can the DMP be disabled?" "Yes, but only on some processors. We observe that the DIT bit set on m3 CPUs effectively disables the DMP. This is not the case for the m1 and m2. Also, Intel's counterpart, DOIT bit, can be used to disable DMP on the Raptor Lake processors."
 

frozencarbonite

macrumors 6502
Aug 3, 2006
376
82
> This is going to make me sound really, really old… which I am! 😁
>
> I do miss the pre-internet days.
> I would buy a Mac from my Mac shop… use it until it felt slowish. Then I might even just upgrade the RAM or storage myself. *gasp*
>
> I lived and worked with no idea what the latest and greatest Mac was. What processor it was up to… etc etc.
>
> Just blissful ignorance.
>
> After 3-5 years I'd just buy the latest Mac I could afford.
>
> Life definitely was a lot simpler back then! 🙂
It was simpler. 🙂

I got my first Mac in 2004, a 17" PowerBook G4 when I started my graphic design career. I used it and upgraded what I could until it became so slow, I couldn't do anything. In 2010, I bought a 15" MacBook Pro. Used it, years later upgraded to an SSD, but finally got to the point where it was giving me problems. I was able to solve it with a software fix, and still have it in use as a media server.

In 2022, I needed something that could handle the side work I do (graphic design), so I bought the best MacBook Pro I could afford. I plan to use this until it conks out. Hopefully that's a long time away.

I know it's the way it's always been in the tech world and it's silly on my part, but it can be a little bit of a downer to continue to see newer and better Macs so quickly after you buy the "latest & greatest." 😄
 

3530025

Cancelled
Jul 14, 2022
647
2,226
> Are there any estimates of how much this predictive pointer dereferencing, or whatever it is, gives in speed advantage (i.e. how much slower Macs will become without it)?
>
> On another note, the whole Apple Silicon move seems to have been unwarranted. Intel and AMD are making large strides in power efficiency and even without the inevitable slowdown from patching this vulnerability, there have been no enticing improvements since the M1.

It's quite impossible to give estimates because there's no "global patch" for this issue. So it's going to vary software by software. Also the "patch" is being performed differently on M1, M2 and M3.

On M1, M2 you pin your software to use efficient cores only (so you're limited to the efficient cores' performance).

On M3 you disable DMP via the optional DIT bit for your software. And with that it's even harder to predict the perf loss.

As for the Intel and AMD comparison - they both have their own shares of issues and the x86_64 arch is still a lot less efficient than ARM. So I don't agree with your opinion that the whole Apple Silicon move seems to have been unwarranted.

Apple Silicon is the best thing to happen in the Mac(Book) lineup for quite a long time.
 

DVD9

macrumors 6502a
Feb 18, 2010
817
581
Reminds me of Zero Click which mysteriously is never permanently disabled. It's almost like Apple cooperated in designing a backdoor into what they sell.
 

bodhisattva

macrumors 6502
Dec 7, 2008
272
424
> Uh... This can be performed even through the software available in Apple's app store. All it takes is a security hole in such software which you can exploit to run your custom code.
>
> EU 3rd party stores have nothing to do with this thing. Also 3rd party stores are an optional thing. It's your responsibility what you install anyway.

Any security hole in any application can exploit the user and potentially run custom code, not just this one. This exploit is no more/less threatening if an app is not written securely to begin with.

As for being the user responsibility, I agree, but that doesn't change the fact that droves of users will use 3rd party assuming they are safe, then blame Apple/Google for the malicious code they download.

3rd party stores have far less code review and less stringent established rules (compared to Apple and dare I say Google). As a dev I can get FAR more nefarious code on your device via other stores than I can through Apple.
 

JTK Awesome

macrumors 6502
Jun 26, 2022
255
319
Boston, MA, USA
> …particularly on the earlier M1 and M2 chips. The DMP on the M3, Apple's latest chip, has a special bit that developers can invoke to disable it…

So this is Tim Cook’s evil plan to get everyone with M1s and M2s to upgrade to M3s! Genius. Tim Cook should be the villain in the next 007 film.
 

wilhoitm

macrumors 6502a
Jul 22, 2002
848
1,019
> Apple's bad week.

This happens from time to time! People are trying to spread propaganda and tear down the big tech giants (Apple, NVIDIA, Tesla, Microsoft, Amazon, Google) and act like they are the Devil Incarnate! I think it might have to do with AI! Some people are scared out of their minds because of AI and they will try to do anything to topple the tech giants!
 

rcooked

macrumors regular
Feb 3, 2015
210
376
I have more issues with my credit/debit card getting hacked. This is likely no big deal for 99.999% of us.

Certainly to propeller heads it’s notable, but good lord.
 

Rodney Williams

macrumors member
Jul 6, 2020
59
48
Dammit man! That's why I wait a while before purchasing any type of new computer especially if there is a NEW chip or silicon. Just can't win. WTF!
 

3530025

Cancelled
Jul 14, 2022
647
2,226
> Any security hole in any application can exploit the user and potentially run custom code, not just this one. This exploit is no more/less threatening if an app is not written securely to begin with.

That's not true. This exploit extends the possibilities beyond the privileges the insecure exploited app runs with. If you exploited some insecure app prior to this exploit you had user privileges (and fairly limited ones on top of that, because macOS separates privileges into user folders, user settings etc.). With this exploit you're able to extract private keys (secret information), which should only be possible with admin privileges. And now you can do that via an unfixable HW exploit without an additional PrivEsc exploit (PrivEsc exploits are pretty rare).

> As for being the user responsibility, I agree, but that doesn't change the fact that droves of users will use 3rd party assuming they are safe, then blame Apple/Google for the malicious code they download.

Will use? macOS allows 3rd party software normally just today and it's not a big deal. A MacBook would be pretty unusable for many users if it were limited to just App Store apps. Even Steam, which is completely fine, is a 3rd party app which needs to be downloaded outside of Apple's app store. Same goes for LibreOffice and other quite essential software (for many people).

> 3rd party stores have far less code review and less stringent established rules (compared to Apple and dare I say Google). As a dev I can get FAR more nefarious code on your device via other stores than I can through Apple.

Apple's App Store does not have any code review. You submit binaries to Apple. Not the source code. But yes I agree it will have fewer rules for better or worse. It's a double-edged sword. I prefer freedom on my device; it's my responsibility to choose which software I download and install.
 

nt5672

macrumors 68040
Jun 30, 2007
3,413
7,268
Midwest USA
> Please, give some examples where Apple dropped the ball on security in ways that it harmed a large number of users.

"a large number of users" - sneaky. So you admit that Apple does have security issues that harm some users? So what is that magic number: 100, 1000, 10000, millions?

Me, I am only 1 person, and if it harms me that is what is important. (My writing teacher is turning over in her grave with that last sentence. But you get the drift.)
 

frozencarbonite

macrumors 6502
Aug 3, 2006
376
82
For someone who likes to try out third-party apps and experiment in Terminal, this is unfortunate news. I already do my research before I install something, but I guess I will do extra research to make sure anything I install or any commands I put into Terminal are 100% safe.
 

seek3r

macrumors 68020
Aug 16, 2010
2,334
3,356
> "Requires an attacker process to be running on your machine..." Looking at the EU demands and the push to allow 3rd party stores, side loading applications, etc....
My dude, this is a problem on macs, where you’ve always been able to run whatever you want. Not everything needs a libertarian screaming about EU regs being some form of conspiracy to pwn your devices 🙄
 