Security Vulnerability Discovered in Apple Macs: Your Crypto Wallet Might Be at Risk

Updated: 23 March 2024

Disclosure

Don’t invest unless prepared to lose all the money you invest. This is a high-risk investment, you shouldn’t expect to be protected if something goes wrong.

Join Our Telegram channel to stay up to date on breaking news coverage

A newly uncovered vulnerability in Apple’s M1, M2, and M3 series chips, which are the brains behind their latest devices, could expose users to potential crypto theft. This flaw allows for the manipulation of the CPU to steal cryptographic keys, crucial for safeguarding data privacy, including those used in software crypto wallets on Apple devices.

If you own an Apple device manufactured in the past five years, you might be at risk, as this vulnerability doesn’t leave much room for users to defend themselves against potential attacks. The primary victims of such an exploit are likely to be high-value targets, such as individuals possessing cryptocurrency wallets with substantial funds, according to Matthew Green, a cryptography expert and computer science professor at Johns Hopkins University. While the attack might not be practical for everyday use, it poses a significant threat to web browser encryption, impacting browser-based applications like MetaMask, iCloud backups, or email accounts.

Understanding the “GoFetch” Exploit: What It Means for You

The exploit, named “GoFetch,” was detailed in a report by researchers from prestigious institutions, including the University of Illinois Urbana-Champaign and the University of Washington. The attack leverages Data Memory-Dependent Prefetchers (DMPs) in the chips to access the CPU cache. By observing the side effects of secret-dependent accesses to the processor cache, attackers can infer a victim program’s secrets, even when the attacker and victim don’t share memory.

This disclosure is distinct from the “Augury” pre-fetchers exploit revealed in 2022 but operates on a similar principle. The research team notified Apple of their findings on December 5, 2023, and made their research public after more than 100 days had passed.

Apple’s Response and How to Protect Your Data

Apple has acknowledged the efforts of the researchers and pointed to a developer post that outlines a potential mitigation strategy. This workaround, however, may slow down application performance as it involves assuming “worst-case” processing speeds to avoid invoking the cache. The onus is on MacOS software developers to implement these changes, not the users.

Despite Apple’s response, some experts believe it falls short. Journalist Kim Zetter noted that Apple added a fix for this issue in its M3 chips released in October but failed to inform developers in time for them to enable it. It’s now up to wallet makers like MetaMask and Phantom to implement a patch to protect against the exploit. Until then, the safest course of action for crypto wallet users on vulnerable Apple devices is to remove the wallet from the device.

Apple users have historically felt secure from malware attacks due to the design of MacOS and iOS devices. However, a separate report by cybersecurity firm Kaspersky in January highlighted the emergence of malware targeting both Intel and Apple Silicon devices with “unusual creativity.” Specifically, the malware targeted Exodus wallet users, tricking them into downloading a fake, malicious version of the software.

Newly discovered vuln in Apple M-series chips lets attackers extract secret keys from Macs. "The flaw—a side channel allowing end-to-end key extractions when Apple chips run…widely used cryptographic protocols—can’t be patched" https://t.co/yjQTogcIzk

— Kim Zetter (@KimZetter) March 21, 2024

In summary, while Apple devices are generally regarded as secure, this newfound vulnerability in the cryptographic key management of their latest chips serves as a reminder that no system is entirely immune to threats. Users, especially those with significant cryptocurrency holdings, should remain vigilant and keep abreast of any developments or patches to safeguard their digital assets.

Exploring Cloudbet: A Leading Destination for Aviator Gaming and More

Cloudbet stands as a premier Aviator casino, renowned for its extensive selection of online games and e-sports betting since its 2013 launch. With over 100,000 users, its standout feature is the commitment to security, storing customer funds in cold storage. The platform’s user-friendly interface and diverse game collection, including slots, table games, and virtual games, cater to various preferences. Players can use multiple currencies or opt for ‘free play’ to explore games risk-free. Cloudbet also supports cryptocurrency deposits with specific minimum requirements, such as 0.01 ETH.

New users are greeted with a 100% deposit bonus up to 5 BTC, alongside ongoing promotions like loyalty rewards, free spins, and a $100,000 giveaway linked to popular Evolution games. This array of offerings ensures a thrilling gaming experience on Cloudbet.

You can sign up for Cloudbet casino here to claim your bonus, or read on to learn more about Cloudbet first.