Uncorrectable flaw in Apple processors allows hack

Robert Graham, CEO of security consulting firm Errata Security, recommended that Apple users who have “a lot of money in cryptocurrency wallets” should move their funds to new wallets.

Researchers have discovered a new flaw in Apple's M-series chips, including M1, M2 and M3, allowing attackers to extract secret keys from Mac and iPad devices. In anote to Zero Day, security expertRobert Graham recommended that investors move their cryptocurrencies to new wallets.

Explaining the flaw in the simplest terms she could, journalist Kim Zetter explained that modern processors have a technique called‘prefetching’to speed up processing, including patterns of its activity.

“Theprefetcherdetermines what data you have previously accessed and places a pointer, or address locator, in the system cache memory indicating where that data or function code is located in memory, so the system can find and use it more quickly when necessary”, commented Zetter.

“The problem is that the cache can “leak” the information stored in it, allowing attackers to capture it in so-called side-channel attacks.”

The new discovery points out that Apple's M series chips have a vulnerability in this function, allowing third parties to obtain cryptographic keys.

Expert recommends that investors move their cryptocurrencies

In a note to Zero Day, Robert Graham, CEO of security consulting firm Errata Security, recommended that Apple users who have“a lot of money in cryptocurrency wallets”should move their funds to new wallets.

“There are people now planning to do this [attack] and are working on it, I presume.”

Due to the complexity of the attack, however, it is difficult to believe that hackers would target small investors. Regardless, it is always recommended to use hardware wallets, including for other brands of hardware.

On the subredditr/CryptoCurrenciesthere are dozens of comments on the subject. Also citing the Zero Day article, a point highlighted by investors is that the attack can happen on cloud servers that usevirtual machines for several different users.

“It is also theoretically possible for an attacker to do this by embedding malicious Javascript code into a website so that when a computer with an M-series chip visits it, the attacker's malicious code can conduct the attack to obtain cache data,” he wrote. journalist Kim Zetter.

On the r/Apple subreddit, the discussion about the vulnerability was more heated. While several users were concerned about their data, raising different possibilities, one of them was uncomfortable with the situation.

“This thread is a dumping ground of misinformation,” one user commented “I legitimately hate Reddit and I don't know why I still use this site. Fake experts pretend they know something and other people read it and assume it’s true.”

Finally, the final consequences of this failure in Apple's chips are still unknown. For the most cautious, like Robert Graham, the ideal is to move cryptocurrencies to another device.

Others treated the flaw with disdain, citing that it was discovered under “laboratory conditions”.

热点： APPLE IN TO