A new vulnerability in Apple Silicon (M-series) chips

I’m a huge fan of Apple products. However, you may have come across a troubling piece of news recently regarding their M-series chips. The long and short of it is a team of researchers found a vulnerability in the Apple M1, M2, and M3 chips that can expose private keys used for data encryption to specifically designed malware.

The researchers published their findings on their website and Dan Goodin over at Ars Technica did an excellent write-up detailing the issue.

Should you be worried if you own a recent Mac with one of these chips? Short answer, no.

The exploit can’t be run from a web browser, so you can’t accidentally access a web page that will steal your information. It has to be run from malware installed locally on the machine. So standard hardware preventative measures apply: don’t install software from sources you don’t trust, protect your machine from physical access from untrusted people, and the like.

At the end of his article, Dan says

“End users who are concerned should check for GoFetch mitigation updates that become available for macOS software that implements any of the four encryption protocols known to be vulnerable. Out of an abundance of caution, it’s probably also wise to assume, at least for now, that other cryptographic protocols are likely also susceptible.”

Ultimately, each piece of software will have to update to mitigate this issue, so just be sure to keep all your software updated, and don’t use software that isn’t getting updated anymore for your sensitive information.