On 2024-03-23, badgolferman <REMOVETHISbadgolferman@gmail.com> wrote:

A new security vulnerability has been discovered in Apple's Mac and
MacBook computers – and the worst part is that it's unpatchable.

Academic researchers discovered the vulnerability, first reported by
Ars Technica, which allows hackers to gain access to secret encryption
keys on Apple computers with Apple's new Silicon M-Series chipset.
This includes the M1, M2, and M3 Apple MacBook and Mac computer
models.

Basically, this vulnerability can be found in any new Apple computer
released from late 2020 to today.

This is a prefetcher vulnerability, and most platforms have prefetchers. Security experts have long known that classical prefetchers open a side
channel that malicious processes can probe to obtain secret key material
from cryptographic operations. This vulnerability is the result of the prefetchers making predictions based on previous access patterns, which
can create changes in state that attackers can exploit to leak
information.

The short of it is that researchers in a lab have figured out a way to communicate with cryptography apps running on Apple Silicon in such a
way that they can learn the secret key used by those apps to encrypt information.

The attack requires the user to download, install, and run a malicious
app on the Mac. The malicious app doesn't require root access but does
require the same user privileges needed by most third-party applications installed on a macOS system.

M-series chips are divided into what are known as clusters. The M1, for example, has two clusters: one containing four efficiency cores and the
other four performance cores. The targeted cryptography app must be
running on the same performance cluster as the malicious app for the
attack to be successful.

It takes time for the attack to work, but it can be successful:

"The attack works against both classical encryption algorithms and a
newer generation of encryption that has been hardened to withstand
anticipated attacks from quantum computers. The GoFetch app requires
less than an hour to extract a 2048-bit RSA key and a little over two
hours to extract a 2048-bit Diffie-Hellman key. The attack takes 54
minutes to extract the material required to assemble a Kyber-512 key and
about 10 hours for a Dilithium-2 key, not counting offline time needed
to process the raw data."

There are different ways to mitigate this vulnerability, most of which
incur a performance penalty, some of which don't. But in the worst case,
the performance penalty would only impact cryptographic operations in
specific applications or processes.

--
E-mail sent to this address may be devoured by my ravenous SPAM filter.
I often ignore posts from Google. Use a real news client instead.

JR

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

On 23.03.24 18:23, Tyrone wrote:

On Mar 23, 2024 at 1:16:29 PM EDT, "Chris" <ithinkiam@gmail.com> wrote:

badgolferman <REMOVETHISbadgolferman@gmail.com> wrote:

A new security vulnerability has been discovered in Apple's Mac and MacBook >>> computers – and the worst part is that it's unpatchable.

Wrong ng. Totally off topic here.

And not important anyway. The trolls just wanted to screech about "unpatchable flaws".

Because trolls.

*You* are an idiot and a Troll!

--
"Ave Caesar! Morituri te salutant!"

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

On Mar 23, 2024 at 1:16:29 PM EDT, "Chris" <ithinkiam@gmail.com> wrote:

badgolferman <REMOVETHISbadgolferman@gmail.com> wrote:

A new security vulnerability has been discovered in Apple's Mac and MacBook >> computers – and the worst part is that it's unpatchable.

Wrong ng. Totally off topic here.

And not important anyway. The trolls just wanted to screech about
"unpatchable flaws".

Because trolls.

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

On 2024-03-23 17:23:53 +0000, Tyrone said:

On Mar 23, 2024 at 1:16:29 PM EDT, "Chris" <ithinkiam@gmail.com> wrote:

badgolferman <REMOVETHISbadgolferman@gmail.com> wrote:

A new security vulnerability has been discovered in Apple's Mac and
MacBook computers – and the worst part is that it's unpatchable.

Wrong ng. Totally off topic here.

And not important anyway. The trolls just wanted to screech about "unpatchable flaws".

Because trolls.

It's important for conspiracy nutters and paranoid loonies who think
every one is always out to get them and their "important secrets" (such
as watching cat videos on YouTube) have to be kept away from police and government "spies". :-\

The flaw may or may not be yet to be found in Apple's iPhone CPUs as
well. The flaw apparently "leaks" encyrption keys, meaing someone else
could decrpty your "secure" information ... if that someone is
determined enough to do it, which is unlikely to be worth the bother
anyway.

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

On 2024-03-23, badgolferman <REMOVETHISbadgolferman@gmail.com> wrote:

Tyrone <none@none.none> wrote:

On Mar 23, 2024 at 1:16:29 PM EDT, "Chris" <ithinkiam@gmail.com> wrote: >>> badgolferman <REMOVETHISbadgolferman@gmail.com> wrote:

A new security vulnerability has been discovered in Apple's Mac and
MacBook computers – and the worst part is that it's unpatchable.

Wrong ng. Totally off topic here.

And not important anyway. The trolls just wanted to screech about
"unpatchable flaws".

Because trolls.

Hello Tyrone. I think you are new here since I don’t recognize your
name, but maybe you are a regular user with a new identity for all I
know.

I have been an iPhone user since the 4 model and am currently on the
14 model. My wife and one of my kids use iPhones and iPads. My mother
uses iPhones and iPads. I assure you that despite what Jolly Roger
says, I am not a troll.

Here's an easy challenge, Tyrone (and anyone else reading this): go back
and look at all of badgolferman's previous posts, and make note of how
many are (a) negative news about Apple as opposed to positive, and (b)
obvious bait for trollish flame wars that inevitably ensue, and where
Arlen (under his many, many nyms) quickly steps in to sling childish
insults at Apple users. It becomes *crystal* clear that badgolferman,
Arlen, and a select handful of others are the actual Apple-hating trolls
here. They think we don't see what they are doing, but it's all too
obvious for anyone with a functioning brain to see. ; )

--
E-mail sent to this address may be devoured by my ravenous SPAM filter.
I often ignore posts from Google. Use a real news client instead.

JR

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

badgolferman wrote:

Tyrone <none@none.none> wrote:

On Mar 23, 2024 at 1:16:29 PM EDT, "Chris" <ithinkiam@gmail.com> wrote:

badgolferman <REMOVETHISbadgolferman@gmail.com> wrote:

A new security vulnerability has been discovered in Apple's Mac and MacBook
computers – and the worst part is that it's unpatchable.

Wrong ng. Totally off topic here.

And not important anyway. The trolls just wanted to screech about
"unpatchable flaws".

Because trolls.

Hello Tyrone. I think you are new here since I don’t recognize your name, but maybe you are a regular user with a new identity for all I know.

I have been an iPhone user since the 4 model and am currently on the 14 model. My wife and one of my kids use iPhones and iPads. My mother uses iPhones and iPads. I assure you that despite what Jolly Roger says, I am
not a troll. I am an Apple customer, but not one that is so heavily
invested financially or emotionally in the Apple products and ecosystem. In fact I use Windows computers and prefer the Google desktop/cloud products. However I use iPhones because I’ve been doing so for over fifteen years and have become used to iOS, not wanting to learn Android. There are also indispensable apps on iOS I can’t do without.

The news articles I post are actual and true news stories about iPhones and Apple which I find interesting. It is my wish that others may find them interesting and informative as well. If they spur conversations that’s even better, because we all learn from each other’s experiences and opinions. There are however some people here who do not want their (Apple) mansion on the hill to get stained so they come out with guns blaring to protect their emotional investments. It is those people who cannot separate their pride from what has become almost a religion for them. If they can’t look at a situation logically and apply common sense to it then they attack the messenger to prevent him from informing others.

Anyway, think whatever you’d like about me. If you want to attack or block me that is your prerogative. Just know that I am not a troll, but instead
an iPhone user with eyes wide open who sees a larger picture than people
like Jolly Roger, Your Name and Alan.

Indeed. It is quite possible to buy, use, and enjoy apple's products
without joining the cult. Same with my car, stove, and even my underwear.

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

Hank Rogers <Hank@nospam.invalid> wrote:

[snip]

Indeed. It is quite possible to buy, use, and enjoy apple's products
without joining the cult. Same with my car, stove, and even my underwear.

User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:91.0)
Gecko/20100101 SeaMonkey/2.53.18.1

Sure thing there sparky.

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

Jolly Roger wrote:

On 2024-03-23, badgolferman <REMOVETHISbadgolferman@gmail.com> wrote:

Tyrone <none@none.none> wrote:

On Mar 23, 2024 at 1:16:29 PM EDT, "Chris" <ithinkiam@gmail.com> wrote: >>>> badgolferman <REMOVETHISbadgolferman@gmail.com> wrote:

A new security vulnerability has been discovered in Apple's Mac and
MacBook computers – and the worst part is that it's unpatchable.

Wrong ng. Totally off topic here.

And not important anyway. The trolls just wanted to screech about
"unpatchable flaws".

Because trolls.

Hello Tyrone. I think you are new here since I don’t recognize your
name, but maybe you are a regular user with a new identity for all I
know.

I have been an iPhone user since the 4 model and am currently on the
14 model. My wife and one of my kids use iPhones and iPads. My mother
uses iPhones and iPads. I assure you that despite what Jolly Roger
says, I am not a troll.

Here's an easy challenge, Tyrone (and anyone else reading this): go back
and look at all of badgolferman's previous posts, and make note of how
many are (a) negative news about Apple as opposed to positive, and (b) obvious bait for trollish flame wars that inevitably ensue, and where
Arlen (under his many, many nyms) quickly steps in to sling childish
insults at Apple users. It becomes *crystal* clear that badgolferman,
Arlen, and a select handful of others are the actual Apple-hating trolls here. They think we don't see what they are doing, but it's all too
obvious for anyone with a functioning brain to see. ; )

Sure glad you never make insults. Thanks for that.

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

On 2024-03-24, Hank Rogers <Hank@nospam.invalid> wrote:

Jolly Roger wrote:

On 2024-03-23, badgolferman <REMOVETHISbadgolferman@gmail.com> wrote:

Tyrone <none@none.none> wrote:

On Mar 23, 2024 at 1:16:29 PM EDT, "Chris" <ithinkiam@gmail.com> wrote:

badgolferman <REMOVETHISbadgolferman@gmail.com> wrote:

A new security vulnerability has been discovered in Apple's Mac
and MacBook computers – and the worst part is that it's
unpatchable.

Wrong ng. Totally off topic here.

And not important anyway. The trolls just wanted to screech about
"unpatchable flaws".

Because trolls.

Hello Tyrone. I think you are new here since I don’t
recognize your name, but maybe you are a regular user with a new
identity for all I know.

I have been an iPhone user since the 4 model and am currently on the
14 model. My wife and one of my kids use iPhones and iPads. My
mother uses iPhones and iPads. I assure you that despite what Jolly
Roger says, I am not a troll.

Here's an easy challenge, Tyrone (and anyone else reading this): go
back and look at all of badgolferman's previous posts, and make note
of how many are (a) negative news about Apple as opposed to positive,
and (b) obvious bait for trollish flame wars that inevitably ensue,
and where Arlen (under his many, many nyms) quickly steps in to
sling childish insults at Apple users. It becomes *crystal* clear
that badgolferman, Arlen, and a select handful of others are the
actual Apple-hating trolls here. They think we don't see what they
are doing, but it's all too obvious for anyone with a functioning
brain to see. ; )

Sure glad you never make insults. Thanks for that.

I only insult cry bullies like you guys. I don't go to the Android or
Windows newsgroups to insult all of their users the way you guys do here because I don't have a hate boner for an OS or devices I prefer not to
use. That's you guys. Cry harder. Your tears are the saltiest.

--
E-mail sent to this address may be devoured by my ravenous SPAM filter.
I often ignore posts from Google. Use a real news client instead.

JR

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

*Hemidactylus* wrote:

Hank Rogers <Hank@nospam.invalid> wrote:

[snip]

Indeed. It is quite possible to buy, use, and enjoy apple's products
without joining the cult. Same with my car, stove, and even my underwear.

User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:91.0)
Gecko/20100101 SeaMonkey/2.53.18.1

Sure thing there sparky.

Thanks Hemorrhoidactylus.

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

Hank Rogers <Hank@nospam.invalid> wrote:

*Hemidactylus* wrote:

Hank Rogers <Hank@nospam.invalid> wrote:

[snip]

Indeed. It is quite possible to buy, use, and enjoy apple's products
without joining the cult. Same with my car, stove, and even my underwear. >>>

User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:91.0)
Gecko/20100101 SeaMonkey/2.53.18.1

Sure thing there sparky.

Thanks Hemorrhoidactylus.

Take it to a Windows fanboi group since that’s your preferred OS poseur.

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)