Researchers uncover unfixable vulnerability in Apple CPUs affecting cryptographic security
A newly published paper from researchers details an unpatchable vulnerability in Apple Inc.’s M series of chips that allows attackers to extract secret keys used in cryptography operations.
Dubbed GoFetch, the vulnerability is exploitable through a side-channel attack, one that uses indirect information such as timing to uncover secret data like cryptographic keys. In the GoFetch scenario, the method abuses CPU prefetcher behavior, a mechanism within processors designed to predict and load data into cache before it’s actually needed by running programs, to reveal cryptographic keys through cache-timing analysis.
GoFetch leverages Data Memory-Dependent Prefetcher behavior — the CPU’s method of preloading data based on observed access patterns — to violate the constant-time programming paradigm, allowing attackers to deduce secret keys through crafted inputs and cache-timing analysis.
The constant-time programming paradigm on the Apple chips aims to ensure that operations take the same amount of time to execute, regardless of input values, to prevent side-channel attacks by making execution time not depend on secret data.
The researchers show that the DMPs present in many Apple CPUs pose a real threat to multiple cryptographic implementations and allowed them to extract keys from OpenSSL Diffie-Hellman, Go RSA, CRYSTALS Kyber and Dilithium.
To test the theory, the researchers have successfully mounted end-to-end GoFetch attacks on Apple hardware equipped with M1 processors. They also tested DMP activation patterns on other Apple processors and found that M2 and M3 CPUs also exhibit similar exploitable DMP behavior.
Although the researchers have not tested other M-series variants, such as the M2 Pro, they hypothesize that since these parts have the same microarchitecture as their simpler counterparts, they are likewise equipped with exploitable DMPs.
Notably, the researchers also found that Intel Corp.’s 13th Gen Raptor Lake microarchitecture features a DMP. However, unlike Apple’s, Intel’s activation criteria were found to be more restrictive, making it immune to GoFetch attacks.
The bad news for Apple users is that the GoFetch vulnerability is unpatchable because it exploits fundamental and widespread behaviors of Apple designs, targeting the way prefetchers operate in Apple’s CPUs.
Given that it can’t be patched, the research suggests mitigations that focus on avoiding the conditions that allow GoFetch to succeed rather than eliminating the prefetcher behavior itself. These include implementing countermeasures in software, such as avoiding secret-dependent control flows and memory accesses and employing cryptographic algorithms designed to be secure against side-channel attacks.
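The first software countermeasure named above, avoiding secret-dependent control flow and memory accesses, is easier to see in code than in prose. The following C example is added here and is not code from the GoFetch paper or from any of the affected libraries; it shows a variable-time byte comparison and a secret-indexed table lookup beside their constant-time counterparts, using standard masking idioms. The sample key, guess and table values are constructed for the demonstration.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

/* Constructed sample data (not from the paper): a 16-byte secret, a
   candidate that differs only in its final byte, and a small table. */
static const uint8_t SECRET[16] = {
    0x3a, 0x91, 0xf0, 0x07, 0x55, 0xc2, 0x1e, 0x88,
    0x64, 0xb7, 0x0d, 0x2c, 0x9f, 0x41, 0xe3, 0x76 };
static const uint8_t GUESS_LAST[16] = {
    0x3a, 0x91, 0xf0, 0x07, 0x55, 0xc2, 0x1e, 0x88,
    0x64, 0xb7, 0x0d, 0x2c, 0x9f, 0x41, 0xe3, 0x77 };
static const uint32_t SBOX[8] = {
    0x0000a001, 0x0000a002, 0x0000a003, 0x0000a004,
    0x0000a005, 0x0000a006, 0x0000a007, 0x0000a008 };

/* Variable-time comparison: returns at the first mismatch, so the number
   of iterations, and therefore the timing, depends on the secret. */
int vt_memeq(const uint8_t *a, const uint8_t *b, size_t n) {
    for (size_t i = 0; i < n; i++) {
        if (a[i] != b[i]) return 0;   /* secret-dependent branch */
    }
    return 1;
}

/* Constant-time comparison: always visits all n bytes and folds every
   difference into one accumulator; the final 0/1 is derived by arithmetic
   rather than by a branch on the secret-dependent value. */
int ct_memeq(const uint8_t *a, const uint8_t *b, size_t n) {
    uint32_t diff = 0;
    for (size_t i = 0; i < n; i++) {
        diff |= (uint32_t)(a[i] ^ b[i]);
    }
    /* diff == 0 -> (0 - 1) has its top bit set -> 1; diff in 1..255 -> 0 */
    return (int)(((diff - 1u) >> 31) & 1u);
}

/* All-ones mask when x == y, all-zeros otherwise, with no branch. */
static uint32_t ct_eq_mask(uint32_t x, uint32_t y) {
    uint32_t d = x ^ y;                 /* zero iff equal */
    uint32_t nz = (d | (0u - d)) >> 31; /* 1 iff d != 0 */
    return nz - 1u;                     /* 0 -> 0xFFFFFFFF, 1 -> 0 */
}

/* Variable-time lookup: the address that is loaded is a function of the
   secret index, which is exactly the secret-dependent memory access the
   mitigations say to avoid. */
uint32_t vt_lookup(const uint32_t *table, size_t len, size_t secret_idx) {
    (void)len;
    return table[secret_idx];
}

/* Constant-time lookup: every entry is read on every call, and a mask
   keeps only the wanted one, so the access pattern is independent of the
   secret index. */
uint32_t ct_lookup(const uint32_t *table, size_t len, size_t secret_idx) {
    uint32_t out = 0;
    for (size_t i = 0; i < len; i++) {
        uint32_t mask = ct_eq_mask((uint32_t)i, (uint32_t)secret_idx);
        out |= table[i] & mask;
    }
    return out;
}

int main(void) {
    printf("vt_memeq(secret, secret)     = %d\n", vt_memeq(SECRET, SECRET, 16));
    printf("ct_memeq(secret, secret)     = %d\n", ct_memeq(SECRET, SECRET, 16));
    printf("ct_memeq(secret, guess_last) = %d\n", ct_memeq(SECRET, GUESS_LAST, 16));
    printf("vt_lookup(SBOX, 5) = 0x%08x\n", vt_lookup(SBOX, 8, 5));
    printf("ct_lookup(SBOX, 5) = 0x%08x\n", ct_lookup(SBOX, 8, 5));
    return 0;
}
```

Two caveats a practitioner would check: compilers can rewrite mask arithmetic back into a branch, so the generated assembly, not the C source, is what must be inspected; and, as the article explains, the DMP undermines the constant-time paradigm itself, so these idioms remove the conventional timing and access-pattern leaks named in the mitigations but are not by themselves a fix for the prefetcher behavior.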
Image: DALL-E 3