Unpatchable vulnerability in Apple chip leaks secret encryption keys

At this stage it is impossible to buy hardware that doesn’t have some serious security flaws.
The only question is how hard it is to protect against exploits.
The vast majority require physical access; a few even require a rooted system with physical access.
While many of the early patches result in performance degradation on specific tasks, as the software updates catch up that smooths out.
And often the patches themselves are honestly unnecessary in a practical sense. I mean if somebody is in my server room unsupervised with malicious intent and has both the time and means to exploit one of those weaknesses I’ve had so much go wrong that patching the server is the least of my problems.
Implementing proper access controls on network traffic is a far better means of protection more often than not.
Followed by some common sense processes and internal privacy policies.
 
After the 80+ hardware exploits like Meltdown, Spectre, Foreshadow, etc. etc. etc., that were nearly all Intel-specific since January 2018, I highly doubt that.
Spectre applies to ARM and Apple as well. Nearly 4 years ago ARM was hit with Straight Line Speculation. Meltdown was unique to Intel, but Apple last year had a Triangulation attack that also used a vulnerability in Apple hardware.
Or Brave, which I can have a million tabs open without any issues.
Brave is based on Chrome.
Some people in here have selective memory.
Everyone here has selective memory.
The DOJ is mostly run by decrepit morons that barely know how to use technology.
This is not a topic of the DOJ situation but I really doubt the DOJ will lose this.
 
Brave is based on Chrome.
Thanks, Captain Obvious. I'm not having this issue with Brave on the M1 Mac that I have, referring to the person I quoted about the struggles of M1 Macs using Google Chrome with 15+ tabs open. My point was he can still use a Chromium-based browser without having the performance issues that are plaguing Chrome, because I'm not experiencing that issue with Brave.
 
Spectre applies to ARM and Apple as well.
True, and technically any CPU with any ISA that used speculative execution and branch prediction became vulnerable to Spectre, and some less so than others.
Not all ARM CPUs have those, though, and thus were not vulnerable.
 
ha ha. i bet they wish they would've just stuck with intel procs now instead of trying to force the world to abandon x86

That’s true, because Intel hasn’t had any significant security breaches recently that I can think of…
 
The people that can take advantage of the different cache execution time of prefetched operations to deduce stuff like that... show just how hard anything is in cryptography if you have physical access to a device.
 
This explains the exploit pretty well. Whatever the mitigation is, it will certainly slow down Apple Silicon in general.

View: https://youtu.be/-D1gf3omRnw?si=mBQGs-FFiQ3Samex

People won't accept that most of the prefetch tricks have already been tried. We are long past the Pentium / Athlon days. Most of the easy stuff has been done. Heterogeneous computing will likely be the next phase where we once again move to specialized units within APUs just stacked.

Most speed ups lately have been due to lax security rules in CPU designs and Apple is no exception. If Apple really was onto something you would have seen AMD and Intel immediately jump. You didn't which was the tell... especially Intel.
 
I am really not sure who would be the person that thinks branch prediction and prefetching are new? That is not what is behind the Apple M1 performance jump, I really do not think. I do not remember a time without it; the very first 8086 6-byte computer had those.

Heterogeneous computing will likely be the next phase where we once again move to specialized units within APUs just stacked.
That's why the M1 platform is so good at common Apple workloads but pretty much your regular good CPU otherwise:
[Attached image: 014.jpg]
 
I am really not sure who would be the person that thinks branch prediction and prefetching are new? That is not what is behind the Apple M1 performance jump, I really do not think. I do not remember a time without it; the very first 8086 6-byte computer had those.
So far all the exploits for any CPU seem to revolve around branch prediction and cache. You don't see CPUs like Intel's Atom or AMD's Jaguar CPUs affected by Spectre and Meltdown for this reason, because they don't have branch prediction. Apple's efficiency cores are also not affected by this vulnerability for the same reason, because they lack the data memory-dependent prefetchers (DMPs). The recommended method to mitigate this problem is to avoid using the DMPs, but that would drastically slow things down. AMD and Intel did some workarounds to help keep the memory safe, but it slows things down a bit. You don't want to use Apple's hardware without the DMPs.
 
Does anyone want to explain this to me like I’m 5? Is this really anything to worry about?
 
So far all the exploits for any CPU seem to revolve around branch prediction and cache. You don't see CPUs like Intel's Atom or AMD's Jaguar CPUs affected by Spectre and Meltdown for this reason, because they don't have branch prediction. Apple's efficiency cores are also not affected by this vulnerability for the same reason, because they lack the data memory-dependent prefetchers (DMPs). The recommended method to mitigate this problem is to avoid using the DMPs, but that would drastically slow things down. AMD and Intel did some workarounds to help keep the memory safe, but it slows things down a bit. You don't want to use Apple's hardware without the DMPs.
Jaguar has branch prediction (out of order execution) and was technically affected by Spectre, albeit the one that requires physical access.
AMD also did not have the vast performance hit with its microcode patches in the same way that Intel's processors did, with some of the patches having up to a 60% performance hit.
 
You don't see CPUs like Intel's Atom or AMD's Jaguar CPUs affected by Spectre and Meltdown for this reason, because they don't have branch prediction.
Or the market (the value of the data and programs running on those) is small? An Intel Atom has a pipeline over 15 stages long; I doubt it does not have branch prediction, it would make little sense:
https://www.anandtech.com/show/2493/11
Atom's pipeline is a fairly deep 16 stages, with a 13 stage mispredict penalty.

https://www.tomshardware.com/news/intel-unveils-10nm-atom-tremont-microarchitecture

Intel beefed up Tremont's branch predictor to what it calls "Core-class" levels of performance, meaning the Atom cores will have nearly the same accuracy as their high-power Sunny Cove Core family counterparts. This is accomplished with a new dual-stage branch prediction implementation, though Intel isn't specifying which types of predictors it is using (TAGE is a likely suspect for the second stage).

Same for the Jaguar:
https://www.agner.org/optimize/microarchitecture.pdf
3.14 Branch prediction in AMD Bobcat and Jaguar
In my tests, the Bobcat and Jaguar were able to predict 16 or 17 branches per line of level-1 cache, depending on the position of the branches, but not 18.

Or they do not have a similar issue; the password character validation instruction taking a different amount of time to return no than yes here sounds like an error.
 
Or the market (the value of the data and programs running on those) is small? An Intel Atom has a pipeline over 15 stages long; I doubt it does not have branch prediction, it would make little sense:
https://www.anandtech.com/show/2493/11
Atom's pipeline is a fairly deep 16 stages, with a 13 stage mispredict penalty.
The older Atoms did not have out of order execution, and instead used in order execution, which is why they were not vulnerable to Spectre.
 
Does anyone want to explain this to me like I’m 5? Is this really anything to worry about?
It still needs physical access to your device and it's not exactly easy, so unless you are keeping information people would target you for on an M1- or M2-based device without other forms of encryption, then no.
 
It still needs physical access to your device and it's not exactly easy, so unless you are keeping information people would target you for on an M1- or M2-based device without other forms of encryption, then no.

Not physical access. A remote execution is sufficient. And over time it might be possible to exploit this from JavaScript or WebAssembly.
 