Replying to Avatar Marty Bent

Not ideal...

"The researchers demonstrated the capability to extract various cryptographic keys, including a 2048-bit RSA key within an hour and a 2048-bit Diffie-Hellman key in just over two hours."

GoFetch: a significant vulnerability in Apple's M-series.

https://www.tftc.io/apple-m-vulnerability-gofetch/

Avatar
ThyLobster 1y ago

As far as I understand it, you will need physical access to the machine and know what you are doing.

If someone has physical access to my machine, breaking encryption is probably not my biggest problem right now.

Reply to this note

Please Login to reply.

Discussion

Avatar
Niall Young 1y ago

No 😢 the article suggests any code running in user mode can attempt, sounds like indirect access to memory via cache, so just a matter of waiting and watching for long enough to collect what you need. If a browser running js can trigger it …. sounds pretty bad/deliberate regardless

#notyourkeys