URGENT Security Update: New Vulnerability Located in Apple Silicon Chips
URGENT Security Update
Researchers have discovered an extremely dangerous vulnerability in Apple Silicon Processors (M1, M2, M3). The vulnerability, known as GoFetch, allows attackers to access the encryption keys for the device, allowing them to access and decrypt encrypted files. This is scarily dangerous and, given the flaw is within Apple hardware itself, there is no known full patch. This could reduce the breach time of the device to under one hour.
The current known vulnerability does require physical access to the machine itself. This does reduce the risk but it does not eliminate it. More so, it becomes a compliance issue.
There are several mitigation efforts. However, all of these efforts will have a drastic hit to the overall performance of the machine, specifically connected to the encryption and decryption of the data. The researchers state there will be a noticeable operational impact of any effort. One mitigation effort is to utilize software encryption. A second is to override the processing location of the encryption. Finally, M3 chips do have an override flag. All known workarounds do have a significant speed impact. Per speculation, Apple is not expected to have a fix in future chips until later this year.
Encrypting files that contain client data is a requirement of the FTC Safeguards Rule. This new vulnerability exposes that client information if you store client data locally on a machine.
Financial Guardian Recommendations:
Avoid storing any client files on the hard drive of an Apple Silicone device
Sadly, apply software encryption to reduce the overall reach
Apply Apple updates as quickly as possible upon release
Store your device in a secured, locked location when not in use
Apple has not responded to the vulnerability yet.
Website of the research team: https://loom.ly/1Ad5oBY
Financial Guardians continues to provide urgent and relevant security-related updates/e-mails. Sign-Up today for continues access: https://loom.ly/Q1-sYD0
#cybersecurity #glba #taxes #taxtwitter #apple #mac #gofetch #irs