So There’s An “Unfixable” Bug In Apple Silicon… What Does That Mean For You?

Last week Ars Technica published a report of an “unfixable” bug in Apple M-series processors. While I do encourage you to read the report, I’ll give you the TL;DR here:

The flaw—a side channel allowing end-to-end key extractions when Apple chips run implementations of widely used cryptographic protocols—can’t be patched directly because it stems from the microarchitectural design of the silicon itself. Instead, it can only be mitigated by building defenses into third-party cryptographic software that could drastically degrade M-series performance when executing cryptographic operations, particularly on the earlier M1 and M2 generations. The vulnerability can be exploited when the targeted cryptographic operation and the malicious application with normal user system privileges run on the same CPU cluster.

Here’s the translation: The threat allows someone to extract security keys from these chips, breaking encryption as a result. And it can’t be fixed in the chip itself; the only fixes are software mitigations that will make these insanely fast processors slower. In short, this is really bad. But to be fair, and before those who don’t like Macs and support PCs and all things Windows chime in, Intel and AMD have had their share of similar issues. This one and this one come to mind. While there are mitigations that Apple could take, such as trying to shuffle encryption tasks away from the performance cores of M-series processors to the efficiency cores, like I said earlier, this flaw is basically not patchable. It also means that, much like when Intel and AMD had issues like these, researchers and threat actors will start poking around M-series processors to see if they can find any other flaws.

So, what can you as a Mac user do to protect yourself? Well, other than keeping your software up to date, not much really. Nothing that I have read on this points to any proof-of-concept code or any easy-to-execute attack. So this isn’t a today problem for Mac users. But that doesn’t mean it won’t become a problem later. Thus you might want to keep an eye on this to see if new information pops up.
