Apple's Chips May Expose Your Account Info
Steps To Take While Critical Flaw Is Unaddressed
Several generations of Apple’s in-house microprocessors were designed with a security flaw, according to reports last week by security researchers. The nature of the flaw, which has been dubbed “GoFetch,” makes it difficult for Apple to remedy, which is yet to happen. (Some of Intel’s chips are also reportedly vulnerable, but, due to design differences, the flaw is more easily addressed in Intel’s products.)
The flaw and its implications made headlines in tech news. Absent, either mostly or entirely, from that coverage have been guidelines for small businesses and individuals to know if they are vulnerable and limit their exposures.
Who Is Vulnerable
All Apple’s M1, M2 and M3 processors appear vulnerable. These were included in MacBook laptops, Mac Minis and iPads sold from 2020 forward. To determine which processor is in a particular Mac, follow the instructions here. For iPads, click here.
Intel’s Raptor Lake processors, released in October 2022, are also potentially vulnerable. To determine which processor is in a particular Windows system, go to Control Panel, click System and Security, then click System.
Anyone using these processors is potentially vulnerable.
What Is Vulnerable
The flaw allows one computer program to steal another program’s cryptographic data. Basically, a malicious program could steal online banking information from a web browser or corporate V.P.N. credentials from a remote-access suite.
Once a system is infected, anything done or accessed on that system is potentially exposed.
Steps To Take
The vulnerability itself is not exploitable over a network. Cyber-adversaries first need to establish a beachhead, i.e. a running program, on each computer they target.
Until Apple issues a meaningful remedy, users of vulnerable systems should do the following to reduce the odds and increase the difficulty of establishing the necessary beachheads on their systems:
contact financial institutions and other critical entities at the first signs of troubles;
be especially cautious about potentially suspicious websites, emails, attachments, text messages and apps and programs;
look for and uninstall programs one does not recognize;
look for and remove unnecessary user accounts;
set up multi-factor authentication for financial and other critical applications and websites;
double check that antivirus software is updated and regularly scans vulnerable systems;
tighten firewall settings where possible; and
consider changing Wi-Fi passwords known by too many persons for too long a time.
Once Apple has issued a remedy, consider changing critical passwords that may have been compromised. That would be a good time to start using a password manager, if one does not already do so.
And, of course, good security practices are always a good idea.
This is a developing story. Subscribe, below, for updates.
Martin MartyG Gottesfeld “orchestrated one of the largest distributed-denial-of-service” (DDoS) cyberattacks “ever conducted,” according to the U.S. Justice Department. Disclosure—his family owns stock in Intel Corporation (NASDAQ:INTC), which competes directly against Apple’s chips.
MartyG Reports offers this information without any warranty of any kind, express or implied. The preceding is not intended as comprehensive. If you suspect you are a victim of cybercrime, you should take immediate actions outside the scope of this document to preserve evidence, mitigate risks and ensure continuity. State and federal laws may also require disclosure of cybersecurity incidents.
Useful to know. Thanks!