Researchers have recently uncovered a significant security flaw in Apple’s M-series chips, sparking concerns regarding the safety of crypto private keys stored on Mac computers. This vulnerability, identified as a side-channel exploit, enables malicious actors to extract encryption keys while the Apple chips are engaged in commonly used cryptographic protocols.
Unlike typical vulnerabilities that can be resolved through software updates, this particular flaw is inherent in the microarchitectural design of the chips themselves, making it “unpatchable.” To address the issue, the utilization of third-party cryptographic software may be necessary. However, implementing such software could significantly impact the performance of earlier M-series chips, including the M1 and M2.
A core vulnerability within the security of Apple’s M-Series chips presents a threat to cryptocurrency holders.
The recent revelations about a fundamental weakness in Apple’s hardware security infrastructure have brought significant attention to the potential risks faced by users, particularly those involved in cryptocurrency transactions. This vulnerability, termed the “GoFetch” exploit by researchers, exposes a flaw in the memory access patterns of Apple’s M-Series chips, allowing hackers to illicitly access sensitive data, including encryption keys crucial for cryptographic applications.
What makes this vulnerability particularly concerning is its seamless operation within the user environment, requiring only standard user privileges akin to regular applications. This means that even unsuspecting users could inadvertently fall victim to exploitation by malicious actors.
In response to the disclosure of this research, Mac users across online forums have voiced their apprehensions and raised questions regarding the possible implications, especially concerning the security of password keychains. While some users speculate that Apple will address the issue directly through updates to its operating system, others express heightened concern if the company fails to do so promptly.
Adding to the complexity of the situation, there are speculations among users that Apple might already be aware of this vulnerability, with conjectures about potential remedies in future chip iterations, such as the rumored M3 chip. References to prior research on similar topics, such as the “augury” study from 2022, further fuel discussions about the depth and implications of this security flaw.
Apple is confronted with a lawsuit from the Department of Justice (DOJ).
This discovery compounds the array of challenges confronting Apple, which includes an ongoing antitrust lawsuit initiated by the US Department of Justice (DOJ). The lawsuit alleges that Apple’s regulations within the App Store and its purported dominance have stifled both competition and innovation.
Additionally, the DOJ contends that Apple has restricted access to rival digital wallets, which offer advanced functionalities, while simultaneously preventing developers from offering their own payment services to users.
Last year, a class-action lawsuit was filed against Apple, asserting that the company has engaged in a scheme to limit peer-to-peer payment alternatives on its devices and obstruct the integration of cryptocurrency technology into iOS payment applications.
The complaint alleges that Apple has entered into anti-competitive agreements with prominent payment platforms such as PayPal’s Venmo and Block’s Cash App. These agreements purportedly constrain the utilization of decentralized cryptocurrency technology in payment applications, resulting in inflated costs for users.
Moreover, Apple’s guidelines mandate app developers to share 30% of their transaction revenues. This requirement has posed a barrier for cryptocurrency firms, including those facilitating the acquisition of non-fungible tokens (NFTs), as they endeavor to offer services to iOS users.
According to reports, Apple has removed the Bitcoin-friendly social media app Damus from the App Store due to a violation of its terms of service. The app features a tipping functionality that enables content creators to receive Bitcoin tips via the Lightning Network. Apple deemed this feature a violation of its guidelines, as it prohibits developers from selling additional in-app content unless the transactions are processed through Apple, which entails Apple receiving a 30% commission.