Apple has had a terrible month. The EU hit Apple with a $2 billion fine, The United States sued Apple for allegedly monopolizing its stake in the smartphone market, and now an unpatchable exploit has been found with Apple’s M1, M2, and M3 series chips.
The EU’s $2 Billion Message to Apple
The European Union fined Apple $2 billion for what it found to be unfair practices around how it promoted and supported its own music streaming service and prevented competitor services from promoting direct-sale subscriptions, avoiding the Apple App Store fees.
The results of the lawsuit were immediately felt throughout the Apple ecosystem in the EU as Apple rolled out updates to its iOS operating system enabling users in the EU to download apps through alternative app store channels such as direct downloads from websites.
The United States Sues Apple for Monopolizing the Smartphone Ecosystem
The United States announced a lawsuit against Apple Inc. claiming that the tech giant has created a monopoly through its closed ecosystem. Apple’s iPhone, Apple Watch, App Stores, MacOS systems, and its practice of maintaining a walled garden-style relationship between its products and services created what the Department of Justice claims is an unfair advantage over its competitors.
GoFetch Exploit Leaves Encryption Keys Vulnerable with M-Series Chips
New research has surfaced that reveals a security vulnerability present on any Mac running on an M1, M2, or M3 series processor. This flaw could potentially leak secret end-to-end encryption keys on Macs which could be exploited by an attacker.
The exploit, named GoFetch, manipulates a feature in the M-series chips called data memory-dependent prefetcher, or DMP. This feature optimizes computer operations by predicting data addresses that are likely to be accessed next and placing pointers to these addresses in the computer's cache memory. However, researchers have found a flaw that could trick the DMP into adding data to the cache, which could expose encryption keys.
As the flaw is ingrained in the silicon, it is essentially non-patchable. There are mitigation techniques that developers could implement to reduce the exploit's efficacy. However, users are advised that there is currently no direct solution to address this issue.