A new security vulnerability has been discovered in Apple's Mac and MacBook
computers – and the worst part is that it's unpatchable.

Academic researchers discovered the vulnerability, first reported by Ars
Technica, which allows hackers to gain access to secret encryption keys on
Apple computers with Apple's new Silicon M-Series chipset. This includes
the M1, M2, and M3 Apple MacBook and Mac computer models.

Basically, this vulnerability can be found in any new Apple computer
released from late 2020 to today.

https://mashable.com/article/apple-silicon-m-series-chip-vulnerability-hackers-encryption-keys

On Sat, 23 Mar 2024 12:09:25 -0000 (UTC), badgolferman wrote:

> https://mashable.com/article/apple-silicon-m-series-chip-vulnerability-hackers-encryption-keys

Thank you for informing the vulnerable Apple owners, where this is yet
another reason why Apple's products are the most insecure on the market.
<https://www.cisa.gov/known-exploited-vulnerabilities-catalog>

It's exactly what Apple M-series owners need to be aware of since it's yet
another of many proofs that Apple effectively doesn't QA their hardware.

Worse, Apple effectively has no QA (which Craig Federighi has said in his
leaked internal emails) mainly because Apple's fundamental business
strategy is to lie about quality until someone else does the QA for Apple.

FACT: "Researchers say that they first brought their findings to Apple's
attention on December 5, 2023. They waited 107 days before disclosing their
research to the public."

On 2024-03-23, badgolferman <REMOVETHISbadgolferman@gmail.com> wrote:
>
> A new security vulnerability has been discovered in Apple's Mac and
> MacBook computers – and the worst part is that it's unpatchable.
>
> Academic researchers discovered the vulnerability, first reported by
> Ars Technica, which allows hackers to gain access to secret encryption
> keys on Apple computers with Apple's new Silicon M-Series chipset.
> This includes the M1, M2, and M3 Apple MacBook and Mac computer
> models.
>
> Basically, this vulnerability can be found in any new Apple computer
> released from late 2020 to today.

This is a prefetcher vulnerability, and most platforms have prefetchers.
Security experts have long known that classical prefetchers open a side
channel that malicious processes can probe to obtain secret key material
from cryptographic operations. This vulnerability is the result of the
prefetchers making predictions based on previous access patterns, which
can create changes in state that attackers can exploit to leak
information.

The short of it is that researchers in a lab have figured out a way to
communicate with cryptography apps running on Apple Silicon in such a
way that they can learn the secret key used by those apps to encrypt
information.

The attack requires the user to download, install, and run a malicious
app on the Mac. The malicious app doesn't require root access but does
require the same user privileges needed by most third-party applications
installed on a macOS system.

M-series chips are divided into what are known as clusters. The M1, for
example, has two clusters: one containing four efficiency cores and the
other four performance cores. The targeted cryptography app must be
running on the same performance cluster as the malicious app for the
attack to be successful.

It takes time for the attack to work, but it can be successful:

"The attack works against both classical encryption algorithms and a
newer generation of encryption that has been hardened to withstand
anticipated attacks from quantum computers. The GoFetch app requires
less than an hour to extract a 2048-bit RSA key and a little over two
hours to extract a 2048-bit Diffie-Hellman key. The attack takes 54
minutes to extract the material required to assemble a Kyber-512 key and
about 10 hours for a Dilithium-2 key, not counting offline time needed
to process the raw data."

There are different ways to mitigate this vulnerability, most of which
incur a performance penalty, some of which don't. But in the worst case,
the performance penalty would only impact cryptographic operations in
specific applications or processes.

--
E-mail sent to this address may be devoured by my ravenous SPAM filter.
I often ignore posts from Google. Use a real news client instead.

JR

badgolferman <REMOVETHISbadgolferman@gmail.com> wrote:
> A new security vulnerability has been discovered in Apple's Mac and MacBook
> computers – and the worst part is that it's unpatchable.

Wrong ng. Totally off topic here.

On Mar 23, 2024 at 1:16:29 PM EDT, "Chris" <ithinkiam@gmail.com> wrote:

> badgolferman <REMOVETHISbadgolferman@gmail.com> wrote:
>> A new security vulnerability has been discovered in Apple's Mac and MacBook
>> computers – and the worst part is that it's unpatchable.
>
> Wrong ng. Totally off topic here.

And not important anyway. The trolls just wanted to screech about
"unpatchable flaws".

Because trolls.

On 23.03.24 18:23, Tyrone wrote:
> On Mar 23, 2024 at 1:16:29 PM EDT, "Chris" <ithinkiam@gmail.com> wrote:
>
>> badgolferman <REMOVETHISbadgolferman@gmail.com> wrote:
>>> A new security vulnerability has been discovered in Apple's Mac and MacBook
>>> computers – and the worst part is that it's unpatchable.
>>
>> Wrong ng. Totally off topic here.
>
> And not important anyway. The trolls just wanted to screech about
> "unpatchable flaws".
>
> Because trolls.

*You* are an idiot and a Troll!

--
"Ave Caesar! Morituri te salutant!"

Tyrone <none@none.none> wrote:
> On Mar 23, 2024 at 1:16:29 PM EDT, "Chris" <ithinkiam@gmail.com> wrote:
>
>> badgolferman <REMOVETHISbadgolferman@gmail.com> wrote:
>>> A new security vulnerability has been discovered in Apple's Mac and MacBook
>>> computers – and the worst part is that it's unpatchable.
>>
>> Wrong ng. Totally off topic here.
>
> And not important anyway. The trolls just wanted to screech about
> "unpatchable flaws".
>
> Because trolls.
>

Hello Tyrone. I think you are new here since I don’t recognize your name,
but maybe you are a regular user with a new identity for all I know.

I have been an iPhone user since the 4 model and am currently on the 14
model. My wife and one of my kids use iPhones and iPads. My mother uses
iPhones and iPads. I assure you that despite what Jolly Roger says, I am
not a troll. I am an Apple customer, but not one that is so heavily
invested financially or emotionally in the Apple products and ecosystem. In
fact I use Windows computers and prefer the Google desktop/cloud products.
However I use iPhones because I’ve been doing so for over fifteen years and
have become used to iOS, not wanting to learn Android. There are also
indispensable apps on iOS I can’t do without.

The news articles I post are actual and true news stories about iPhones and
Apple which I find interesting. It is my wish that others may find them
interesting and informative as well. If they spur conversations that’s even
better, because we all learn from each other’s experiences and opinions.
There are however some people here who do not want their (Apple) mansion on
the hill to get stained so they come out with guns blaring to protect their
emotional investments. It is those people who cannot separate their pride
from what has become almost a religion for them. If they can’t look at a
situation logically and apply common sense to it then they attack the
messenger to prevent him from informing others.

Anyway, think whatever you’d like about me. If you want to attack or block
me that is your prerogative. Just know that I am not a troll, but instead
an iPhone user with eyes wide open who sees a larger picture than people
like Jolly Roger, Your Name and Alan.

On 2024-03-23 17:23:53 +0000, Tyrone said:
> On Mar 23, 2024 at 1:16:29 PM EDT, "Chris" <ithinkiam@gmail.com> wrote:
>> badgolferman <REMOVETHISbadgolferman@gmail.com> wrote:
>>>
>>> A new security vulnerability has been discovered in Apple's Mac and
>>> MacBook computers – and the worst part is that it's unpatchable.
>>
>> Wrong ng. Totally off topic here.
>
> And not important anyway. The trolls just wanted to screech about
> "unpatchable flaws".
>
> Because trolls.

It's important for conspiracy nutters and paranoid loonies who think
every one is always out to get them and their "important secrets" (such
as watching cat videos on YouTube) have to be kept away from police and
government "spies". :-\

The flaw may or may not be yet to be found in Apple's iPhone CPUs as
well. The flaw apparently "leaks" encyrption keys, meaing someone else
could decrpty your "secure" information ... if that someone is
determined enough to do it, which is unlikely to be worth the bother
anyway.

On 2024-03-23, badgolferman <REMOVETHISbadgolferman@gmail.com> wrote:
> Tyrone <none@none.none> wrote:
>> On Mar 23, 2024 at 1:16:29 PM EDT, "Chris" <ithinkiam@gmail.com> wrote:
>>> badgolferman <REMOVETHISbadgolferman@gmail.com> wrote:
>>>>
>>>> A new security vulnerability has been discovered in Apple's Mac and
>>>> MacBook computers – and the worst part is that it's unpatchable.
>>>
>>> Wrong ng. Totally off topic here.
>>
>> And not important anyway. The trolls just wanted to screech about
>> "unpatchable flaws".
>>
>> Because trolls.
>
> Hello Tyrone. I think you are new here since I don’t recognize your
> name, but maybe you are a regular user with a new identity for all I
> know.
>
> I have been an iPhone user since the 4 model and am currently on the
> 14 model. My wife and one of my kids use iPhones and iPads. My mother
> uses iPhones and iPads. I assure you that despite what Jolly Roger
> says, I am not a troll.

Here's an easy challenge, Tyrone (and anyone else reading this): go back
and look at all of badgolferman's previous posts, and make note of how
many are (a) negative news about Apple as opposed to positive, and (b)
obvious bait for trollish flame wars that inevitably ensue, and where
Arlen (under his many, many nyms) quickly steps in to sling childish
insults at Apple users. It becomes *crystal* clear that badgolferman,
Arlen, and a select handful of others are the actual Apple-hating trolls
here. They think we don't see what they are doing, but it's all too
obvious for anyone with a functioning brain to see. ; )

--
E-mail sent to this address may be devoured by my ravenous SPAM filter.
I often ignore posts from Google. Use a real news client instead.

JR

badgolferman wrote:
> Tyrone <none@none.none> wrote:
>> On Mar 23, 2024 at 1:16:29 PM EDT, "Chris" <ithinkiam@gmail.com> wrote:
>>
>>> badgolferman <REMOVETHISbadgolferman@gmail.com> wrote:
>>>> A new security vulnerability has been discovered in Apple's Mac and MacBook
>>>> computers – and the worst part is that it's unpatchable.
>>>
>>> Wrong ng. Totally off topic here.
>>
>> And not important anyway. The trolls just wanted to screech about
>> "unpatchable flaws".
>>
>> Because trolls.
>>
>
> Hello Tyrone. I think you are new here since I don’t recognize your name,
> but maybe you are a regular user with a new identity for all I know.
>
> I have been an iPhone user since the 4 model and am currently on the 14
> model. My wife and one of my kids use iPhones and iPads. My mother uses
> iPhones and iPads. I assure you that despite what Jolly Roger says, I am
> not a troll. I am an Apple customer, but not one that is so heavily
> invested financially or emotionally in the Apple products and ecosystem. In
> fact I use Windows computers and prefer the Google desktop/cloud products.
> However I use iPhones because I’ve been doing so for over fifteen years and
> have become used to iOS, not wanting to learn Android. There are also
> indispensable apps on iOS I can’t do without.
>
> The news articles I post are actual and true news stories about iPhones and
> Apple which I find interesting. It is my wish that others may find them
> interesting and informative as well. If they spur conversations that’s even
> better, because we all learn from each other’s experiences and opinions.
> There are however some people here who do not want their (Apple) mansion on
> the hill to get stained so they come out with guns blaring to protect their
> emotional investments. It is those people who cannot separate their pride
> from what has become almost a religion for them. If they can’t look at a
> situation logically and apply common sense to it then they attack the
> messenger to prevent him from informing others.
>
> Anyway, think whatever you’d like about me. If you want to attack or block
> me that is your prerogative. Just know that I am not a troll, but instead
> an iPhone user with eyes wide open who sees a larger picture than people
> like Jolly Roger, Your Name and Alan.
>

Indeed. It is quite possible to buy, use, and enjoy apple's products
without joining the cult. Same with my car, stove, and even my underwear.

Jolly Roger wrote:
> On 2024-03-23, badgolferman <REMOVETHISbadgolferman@gmail.com> wrote:
>> Tyrone <none@none.none> wrote:
>>> On Mar 23, 2024 at 1:16:29 PM EDT, "Chris" <ithinkiam@gmail.com> wrote:
>>>> badgolferman <REMOVETHISbadgolferman@gmail.com> wrote:
>>>>>
>>>>> A new security vulnerability has been discovered in Apple's Mac and
>>>>> MacBook computers – and the worst part is that it's unpatchable.
>>>>
>>>> Wrong ng. Totally off topic here.
>>>
>>> And not important anyway. The trolls just wanted to screech about
>>> "unpatchable flaws".
>>>
>>> Because trolls.
>>
>> Hello Tyrone. I think you are new here since I don’t recognize your
>> name, but maybe you are a regular user with a new identity for all I
>> know.
>>
>> I have been an iPhone user since the 4 model and am currently on the
>> 14 model. My wife and one of my kids use iPhones and iPads. My mother
>> uses iPhones and iPads. I assure you that despite what Jolly Roger
>> says, I am not a troll.
>
> Here's an easy challenge, Tyrone (and anyone else reading this): go back
> and look at all of badgolferman's previous posts, and make note of how
> many are (a) negative news about Apple as opposed to positive, and (b)
> obvious bait for trollish flame wars that inevitably ensue, and where
> Arlen (under his many, many nyms) quickly steps in to sling childish
> insults at Apple users. It becomes *crystal* clear that badgolferman,
> Arlen, and a select handful of others are the actual Apple-hating trolls
> here. They think we don't see what they are doing, but it's all too
> obvious for anyone with a functioning brain to see. ; )
>

Sure glad you never make insults. Thanks for that.

Hank Rogers <Hank@nospam.invalid> wrote:
>
[snip]
>
>
> Indeed. It is quite possible to buy, use, and enjoy apple's products
> without joining the cult. Same with my car, stove, and even my underwear.
>
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:91.0)
Gecko/20100101 SeaMonkey/2.53.18.1

Sure thing there sparky.

On 2024-03-24, Hank Rogers <Hank@nospam.invalid> wrote:
> Jolly Roger wrote:
>> On 2024-03-23, badgolferman <REMOVETHISbadgolferman@gmail.com> wrote:
>>> Tyrone <none@none.none> wrote:
>>>> On Mar 23, 2024 at 1:16:29 PM EDT, "Chris" <ithinkiam@gmail.com> wrote:
>>>>> badgolferman <REMOVETHISbadgolferman@gmail.com> wrote:
>>>>>>
>>>>>> A new security vulnerability has been discovered in Apple's Mac
>>>>>> and MacBook computers – and the worst part is that it's
>>>>>> unpatchable.
>>>>>
>>>>> Wrong ng. Totally off topic here.
>>>>
>>>> And not important anyway. The trolls just wanted to screech about
>>>> "unpatchable flaws".
>>>>
>>>> Because trolls.
>>>
>>> Hello Tyrone. I think you are new here since I don’t
>>> recognize your name, but maybe you are a regular user with a new
>>> identity for all I know.
>>>
>>> I have been an iPhone user since the 4 model and am currently on the
>>> 14 model. My wife and one of my kids use iPhones and iPads. My
>>> mother uses iPhones and iPads. I assure you that despite what Jolly
>>> Roger says, I am not a troll.
>>
>> Here's an easy challenge, Tyrone (and anyone else reading this): go
>> back and look at all of badgolferman's previous posts, and make note
>> of how many are (a) negative news about Apple as opposed to positive,
>> and (b) obvious bait for trollish flame wars that inevitably ensue,
>> and where Arlen (under his many, many nyms) quickly steps in to
>> sling childish insults at Apple users. It becomes *crystal* clear
>> that badgolferman, Arlen, and a select handful of others are the
>> actual Apple-hating trolls here. They think we don't see what they
>> are doing, but it's all too obvious for anyone with a functioning
>> brain to see. ; )
>
> Sure glad you never make insults. Thanks for that.

I only insult cry bullies like you guys. I don't go to the Android or
Windows newsgroups to insult all of their users the way you guys do here
because I don't have a hate boner for an OS or devices I prefer not to
use. That's you guys. Cry harder. Your tears are the saltiest.

--
E-mail sent to this address may be devoured by my ravenous SPAM filter.
I often ignore posts from Google. Use a real news client instead.

JR

*Hemidactylus* wrote:
> Hank Rogers <Hank@nospam.invalid> wrote:
>>
> [snip]
>>
>>
>> Indeed. It is quite possible to buy, use, and enjoy apple's products
>> without joining the cult. Same with my car, stove, and even my underwear.
>>
> User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:91.0)
> Gecko/20100101 SeaMonkey/2.53.18.1
>
> Sure thing there sparky.
>

Thanks Hemorrhoidactylus.

badgolferman <REMOVETHISbadgolferman@gmail.com> wrote:
>
> The news articles I post are actual and true news stories about iPhones

Incorrect. It does not have anything to do with iphones.

Hank Rogers <Hank@nospam.invalid> wrote:
> *Hemidactylus* wrote:
>> Hank Rogers <Hank@nospam.invalid> wrote:
>>>
>> [snip]
>>>
>>>
>>> Indeed. It is quite possible to buy, use, and enjoy apple's products
>>> without joining the cult. Same with my car, stove, and even my underwear.
>>>
>> User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:91.0)
>> Gecko/20100101 SeaMonkey/2.53.18.1
>>
>> Sure thing there sparky.
>>
>
> Thanks Hemorrhoidactylus.
>
Take it to a Windows fanboi group since that’s your preferred OS poseur.