Vulnerability with a risk of private key leakage has been discovered in Apple’s macOS chips
It stems from the microarchitecture of the chips and cannot be eliminated
22.03.2024 - 13:12
650
3 min
0
What’s new? A recently discovered vulnerability in Apple’s M-series chips allows attackers to extract encryption keys from Mac computers, Ars Technica reports, citing academic researchers. The flaw cannot be fixed, as it is a consequence of the chip’s microarchitecture, but can be mitigated by creating third-party security software.
What else is known? An attacker can exploit the vulnerability when a targeted cryptographic operation and a malicious application with normal system user rights run on the same processor cluster.
In this case, the use of third-party security software can significantly degrade the performance of cryptographic operations, especially on earlier generations of M1 and M2 chips.
The attack, which the researchers called GoFetch, uses an application that, like most third-party apps on macOS, does not require administrator privileges. The M-series chips are divided into clusters. For example, the M1 has two clusters: one containing four efficiency cores and the other containing four performance cores.
As long as the malicious application and the crypto application targeted by the hacker are running in the same performance cluster, even if they are running on different cores within the cluster, GoFetch can mine the secret key.
As the researchers write, the GoFetch app takes less than an hour to extract a 2048-bit RSA key and just over two hours to extract a 2048-bit Diffie-Hellman key. Extracting the material needed to assemble the Kyber-512 key would take 54 minutes, while the Dilithium-2 key would take about 10 hours.
Unciphered professionals have found a way to hack the Trezor T crypto wallet
The company managed to obtain a seed phrase and a PIN code using a discovered vulnerability in the device’s chip
Late last year, hackers attacked decentralized applications using a code vulnerability in the Ledger Connect tool, which is required to connect to Ledger hardware wallets. The vulnerability was later fixed.
Useful material?
Telegram 
Twitter Incidents
Developers warned of potential risks to bridges across the ecosystem and asked exchanges for assistance.
Jun 22, 2026
Incidents
The defendant helped move funds stolen through investment scams and earned at least $4 million for his role in the operation.
Jun 10, 2026
Incidents
The company is linking the incident to a compromised private key on a service wallet, rather than a smart contract exploit
May 22, 2026
Incidents
Following the incident, the project temporarily halted trading operations and node activity.
May 15, 2026
Incidents
The user spent weeks unsuccessfully trying to guess the password until Claude helped find an old wallet backup file
May 14, 2026
Crypto regulations
Authorities are introducing mandatory registration for companies handling cross-border crypto transactions
May 8, 2026
Cryptocurrency rates
-
Bitcoin
$59 517
BTC
-0.74%
-
Ethereum
$2 551.16
ETH
+3.56%
-
BNB Smart Chain
$579.4
BSC
+1.23%
-
Ripple
$1.05
XRP
+0.12%
-
TRON
$0.160134
TRX
-1.59%
-
Dogecoin
$0.073086
DOGE
-1.81%
-
Zcash
$376.6
ZEC
-4.75%
-
Stellar XLM
$0.172725
XLM
-0.67%
-
Cardano
$0.143646
ADA
-1.04%
-
Polkadot
$3.32
DOT
+5.27%