A recently discovered vulnerability in Apple’s M-series chips, named “GoFetch,” poses a significant threat to security. Exploiting a microarchitectural side-channel attack, this flaw targets constant-time cryptographic implementations, compromising the extraction of secret keys used during cryptographic operations.
The vulnerability, related to the data memory-dependent prefetcher (DMP), allows attackers to capture sensitive data from the CPU cache, bypassing traditional security measures. Researchers from prestigious institutions such as the University of Illinois Urbana-Champaign and the University of Texas have shed light on the workings of GoFetch.
They found that the DMP prefetcher, by activating and dereferencing data loaded from memory, violates the constant-time programming paradigm, making it susceptible to key-extraction attacks. Despite efforts to separate data from addresses, the aggressive nature of DMP renders systems vulnerable, undermining the security protections of constant-time programming against timing side-channel attacks. Apple has been made aware of the vulnerability since December 2023.
While existing Apple CPUs cannot be fixed to address this flaw, developers of cryptographic libraries are urged to take preventive measures. On the user end, keeping systems up-to-date is recommended, although Apple M3 chips offer some respite with the ability to disable DMP through data-independent timing (DIT). Nonetheless, addressing GoFetch’s implications will likely introduce performance hits, prompting a delicate balance between security and functionality.
