Skip to main content
  1. Home
  2. Computing
  3. News

This ‘unpatchable’ Mac flaw is keeping me up at night

By

Apple MacBook Pro 16 downward view showing keyboard and speaker.
Mark Coppock / Digital Trends

Apple prides itself on the security of its devices, but that doesn’t mean they’re immune to malicious attacks. That point has just been proven by researchers who say they’ve discovered a major new vulnerability in any Mac that runs on an Apple silicon chip, according to a report from Ars Technica. Worst of all, it looks like the problem is completely unpatchable.

Recommended Videos

So, what’s the flaw? According to the researchers, it all comes down to components called data memory-dependent prefetchers (DMPs). Essentially, these predict what data is going to be needed next and preemptively retrieve it. The idea is that this saves on computing resources, but they leave a potential window open to attack.

Related: 
Best new movies to stream on Netflix, Hulu, Prime Video, Max (HBO), and more

If that opportunity is exploited, and attacker could steal a Mac’s encryption keys, even when they’re protected by cryptographic apps designed to keep them safe. That could potentially give a malicious actor wide-ranging access to what’s stored on your Mac.

But unlike most modern vulnerabilities, the researchers say this one cannot be patched because it is inherent to the “microarchitectural” design of Apple silicon chips. There are steps that can be taken to mitigate it, but they might have a serious impact on the performance of the affected chips.

A hacker typing on an Apple MacBook laptop, which shows code on its screen.
Sora Shimazaki / Pexels

This is an issue affecting Apple silicon chips and, unfortunately, it seems that that means every Apple silicon chip generation. So, it’s not something you can avoid if you have the latest M3 MacBook Pro, for example.

The researchers dubbed the exploit GoFetch, and it’s not known if it has been used in the wild yet. Using the attack, the team was apparently able to extract a 2048-bit RSA key in under an hour, which is pretty fast.

According to the researchers, they first brought the flaw to Apple’s attention on December 5, 2023, and waited 107 days before making it public.

The only bright side is that this attack is unlikely to be used on regular Apple users. But that’s not much comfort when we know there’s very little Apple can do to banish the issue once and for all. We’ll have to see what — if anything — Apple is able to do to fix it and keep your Mac safe.

Alex Blake
Alex Blake
Computing Writer
Alex Blake has been working with Digital Trends since 2019, where he spends most of his time writing about Mac computers…
Topics

Editors’ Recommendations

As a recent Mac convert, here’s what has surprised me most
Apple MacBook Pro 16 front view showing display and keyboard.

When I transitioned to all-Apple computing, I knew there would be challenges. I assumed there would be many days and weeks of awkwardness before I truly felt at home on my Mac (and iPad, iPhone, and Apple Watch).

That's why it surprised me when I discovered how smooth much of the transition actually was. Here's everything I learned along the way, along with some tips on how I made it as seamless as possible.
Retraining my muscle memory
Both Windows and macOS have various features and functionality that aren't exactly hidden, but aren't entirely intuitive, either. Things like keyboard shortcuts, settings, windows management, and more build up over time. They get burned into our muscle memory, both physically and mentally. Switching to a new platform requires unlearning the old and learning the new.

Read more
This tiny ThinkPad can’t quite keep up with the MacBook Air M2
Lenovo ThinkPad X1 Nano Gen 3 rear view showing lid and logo.

While the laptop industry continues to move toward 14-inch laptops and larger, the 13-inch laptop remains an important category. One of the best is the Apple MacBook Air M2, with an extremely thin and well-built chassis, great performance, and incredibly long battery life.

Lenovo has recently introduced the third generation of its ThinkPad X1 Nano, one of the lightest laptops we've tested and a good performer as well. It's stiff competition, but which of these two diminutive laptops stands apart?
Specs and configurations

Read more
In the age of ChatGPT, Macs are under malware assault
A person using a laptop with a set of code seen on the display.

It's common knowledge -- Macs are less prone to malware than their Windows counterparts. That still holds true today, but the rise of ChatGPT and other AI tools is challenging the status quo, with even the FBI warning of its far-reaching implications for cybersecurity.

That may be why software developer Macpaw launched its own cybersecurity division -- dubbed Moonlock -- specifically to fight Mac malware. We spoke to Oleg Stukalenko, Lead Product Manager at Moonlock, to find out whether Mac malware is on the rise, and if ChatGPT could give hackers a massive advantage over everyday users.
State-sponsored attacks

Read more