Unpatchable security flaw in Apple Silicon Macs breaks encryption

Dolby

Dolby

Honorary Master
Joined
Jan 31, 2005
Messages
39,166
Reaction score
6,146
9to5mac.com

Unpatchable security flaw in Apple Silicon Macs breaks encryption - 9to5Mac

University researchers have found an unpatchable security flaw in Apple Silicon Macs, which would allow an attacker to break encryption...
9to5mac.com 9to5mac.com

University researchers have found an unpatchable security flaw in Apple Silicon Macs, which would allow an attacker to break encryption and get access to cryptographic keys.

The flaw is present in M1, M2, and M3 chips, and because the failing is part of the architecture of the chips, there’s no way for Apple to fix it in current devices
 
FiestaST said:
9to5Mac is a good site, scroll down to the comments, there is some insightful discussions regarding this.
Click to expand...

Flawed thought process on the trusted app point of view. Plenty of exploits have been found in signed apps and made it passed an App Store review.

I'm not going to lay awake at night over it, yet. But this attack vector can mutate. At some point a bad actor may be able to find a way to exploit it without the user initiating it by coupling it with another vulnerability.

Can the DMP be disabled?
Yes, but only on some processors. We observe that the DIT bit set on m3 CPUs effectively disables the DMP. This is not the case for the m1 and m2.
Click to expand...

The DMP can be disabled on M3 but will likely yield M2 level performance as result. Probably :)
 
backstreetboy said:
Lol need to run an application locally? Dolby is really scraping the bottom of the barrel here.
Click to expand...
Whats interesting to see is the flip flop in the comments.

‘Android is such a security risk because someone can download software with malicious code! Stupid OS!’

‘MacOS is rock solid and can only compromised because someone can download software with malicious code! Stupid ISP!’
 
I mean it seems as simple as not allowing the code to run.

A bit like locking the wrong door to solve the vulnerability of people being able to walk out with your ****.

Drama article is drama.
 
SauRoNZA said:
I mean it seems as simple as not allowing the code to run.

A bit like locking the wrong door to solve the vulnerability of people being able to walk out with your ****.

Drama article is drama.
Click to expand...

Same can be said for running Windows XP these days. Just don't run code which exploits vulnerabilities and you're set. I suppose AV software which detects known code which includes such exploits will become more and more necessary on Apple products. Thankfully I run Bitdefender for Mac on my Macs.
 
SauRoNZA said:
I mean it seems as simple as not allowing the code to run.

A bit like locking the wrong door to solve the vulnerability of people being able to walk out with your ****.

Drama article is drama.
Click to expand...
It’s information lol. Drama? That’s in your head. This is security researchers doing what security researchers do.
 
Mirai said:
Same can be said for running Windows XP these days. Just don't run code which exploits vulnerabilities and you're set. I suppose AV software which detects known code which includes such exploits will become more and more necessary on Apple products. Thankfully I run Bitdefender for Mac on my Macs.
Click to expand...

Mac already runs an AV by default and updates it with every security patch.

No need for third party kak.
 
lkpat said:
It’s information lol. Drama? That’s in your head. This is security researchers doing what security researchers do.
Click to expand...

They don’t make the drama.

It’s every journalist who winds it up for clicks that makes the drama.
 
“Some security people have scoffed at me when I say that security problems are primarily 'just bugs'.”

“Those security people are f*cking morons.”
Click to expand...
 
You must log in or register to reply here.
Back
Top
Sign up to the MyBroadband newsletter
X