Apple's M1, M2, and M3 series chips are at the heart of its latest devices, and a newly discovered vulnerability could put users at potential risk of cryptocurrency theft. The vulnerability allows the CPU to be manipulated to steal encryption keys used to protect data privacy, including keys used in software encrypted wallets on Apple devices.
If you own an Apple device manufactured within the past five years, you may be at risk, as the vulnerability does not leave much room for users to defend themselves against potential attacks. Matthew Green, a cryptography expert and professor of computer science at Johns Hopkins University, said the main victims of this attack could be cryptocurrency wallet holders with large amounts of funds. Although this attack may not be applicable to everyday use, it poses a major threat to web browser encryption, affecting browser-based applications such as MetaMask, iCloud backups or email accounts.
Understanding the 'GoFetch' attack: What it means for you
The attack, called "GoFetch," is detailed in a report by researchers from the University of Illinois at Urbana-Champaign and the University of Washington. It exploits data memory-dependent prefetchers (DMPs) in chips to access CPU caches. By observing the side effects of secret-related accesses to the processor cache, an attacker can infer the victim program's secrets, even if there is no shared memory between the attacker and the victim.
This disclosure is different from the "Augury" prefetcher attack disclosed in 2022, but the principle is similar. The research team informed Apple of their findings on December 5, 2023, and made their findings public more than 100 days later.
Apple's response and how to protect your data
Apple has acknowledged the researchers' efforts and pointed to a developer article outlining a potential mitigation strategy. However, this workaround could degrade app performance because it involves assuming "worst-case" processing speeds to avoid calling the cache. The responsibility lies with macOS software developers who implement these changes, not users.
Despite Apple's response, some experts believe that its response was not enough. Journalist Kim Zetter pointed out that Apple added a patch to fix this issue in the M3 chip released in October, but failed to notify developers in time to enable the patch. Now, wallet manufacturers such as MetaMask and Phantom need to implement a patch to prevent this attack. Until then, the safest thing for cryptocurrency wallet users on vulnerable Apple devices is to remove the wallet from the device.
Apple users have historically felt safe from malware attacks due to the design of MacOS and iOS devices. However, a January 2022 report from cybersecurity firm Kaspersky highlighted the emergence of malware attacks targeting Intel and Apple chip devices that have "unusual creativity." Specifically, the malware targeted Exodus wallet users, tricking them into downloading a fake, malicious version of the software.
In conclusion, while Apple devices are generally considered secure, this vulnerability found in the encryption key management of its latest chips is a reminder that no system is completely immune to threats. Users, especially those who hold large amounts of cryptocurrency, should remain vigilant and stay up to date on any developments or patches to protect their digital assets.
Explore Cloudbet: The Destination for Top-Notch Pilot Games and More
Since its launch in 2013, Cloudbet has been a top pilot casino known for its wide range of online games and esports betting. With over 100,000 users, its notable feature is its commitment to security, storing customer funds in cold storage. The platform's user-friendly interface and diverse collection of games, including slots, table games, and virtual games, cater to a variety of preferences. Players can use multiple currencies or choose "Free Play" to explore the game risk-free. Cloudbet also supports cryptocurrency deposits, specifically a minimum requirement of 0.01 ETH.
New users will receive a deposit bonus of 100% up to 5 BTC, while there are ongoing promotions such as loyalty rewards, free spins and a $100,000 giveaway tied to the popular Evolution game. This range of offers ensures an exciting gaming experience at Cloudbet.
You can register with Cloudbet Casino here to claim your bonus, or read more about Cloudbet first.
Related News
Thunder Terminal loses $192,000 in hacker attack
10 Best Bitcoin Wallets for Beginners – Store Cryptocurrency Safely
Best Cryptocurrency Wallets for Beginners in 2024 – Top 8 List
Green Bitcoin – Gamified Green Staking
Rating
Contract audit by Coinsult
Early Access Presale Now Available – greenbitcoin.xyz
Make Money Predicting – Featured in Cointelegraph
Staking Rewards and Token Bonuses
$7 million raised – Closing soon
Learn more
Join our Telegram channel to get the latest news coverage.
English 
Chinese (China) 
Chinese (Hong Kong) 