The latest is a new bug that researchers have found in the Apple M1, M2 and M3 chipsets. Known as the GoFetch vulnerability, it resides in the computer's CPU itself, which means that unless you replace the CPU, it is essentially unpatchable. It allows cache-based side-channel memory attacks in which one process can read data from another process and leak information. The vulnerability is highly sophisticated and is related to the chip's Data Memory-dependent Prefetcher hardware.
Although it is very concerning, cybersecurity experts emphasize that it is a local bug, which means that an individual would need access to your computer in order to take advantage of it.
Nevertheless, it points to an unsettling trend in which Apple’s computers and smartphones are increasingly being found to be far less secure than many consumers believe. And with bugs like this one in particular, some people, like X user “Kim Dotcom”, are wondering whether U.S. intelligence agencies have intentionally placed them there so they can spy on Americans.
In December, researchers exposed an attack known as Triangulation that backdoored countless iPhones, many of which belonged to employees of the security firm Kaspersky, across a span of four years. The attackers gained an unprecedented degree of access by exploiting a vulnerability in an undocumented hardware feature of the phones.
After a lengthy investigation, researchers were unable to determine how the attackers knew the hardware feature existed or what its purpose is.
The backdooring campaign was significant, infecting the iPhones of thousands of people who worked in Russian embassies and missions. During the years it was active, the victims' phones were infected via iMessage texts that, thanks to a complex exploit chain, managed to install malware on the devices without the victim taking any action.
This placed full-featured spyware on their phones capable of transmitting a broad range of sensitive data to servers controlled by the hackers. Some of the data it transmitted included photos, microphone recordings and geolocation information.
Kaspersky Researcher Boris Larin explained what made this attack stand out: “Due to the closed nature of the iOS ecosystem, the discovery process was both challenging and time-consuming, requiring a comprehensive understanding of both hardware and software architectures. What this discovery teaches us once again is that even advanced hardware-based protections can be rendered ineffective in the face of a sophisticated attacker, particularly when there are hardware features allowing to bypass these protections.”
In January, another vulnerability was discovered in Apple products. Dubbed LeftoverLocals, it enables attackers who have local access to a device to obtain data that is processed in the local memory of the GPU, something that poses a major risk as the use of Large Language Models increases. The vulnerability means that attackers can eavesdrop on a user’s interactive LLM session, which may give them access to sensitive information. Only some Apple devices have received patches to address this; others remain vulnerable.