Part 3/5:

The Go Fetch Vulnerability

The Go Fetch vulnerability exploits a specific feature of the Apple silicon's data memory dependent prefetchers (DMPs). These prefetchers are designed to anticipate future memory accesses and preload data into the cache, improving performance. However, the researchers found that the DMPs do not properly validate whether a memory address is a valid pointer before attempting to prefetch it.

This flaw allows an attacker process to inject arbitrary memory addresses into the DMP, causing it to fetch and load those addresses into the cache. By carefully timing the cache access patterns, the attacker can then infer information about the memory contents of other processes, including sensitive cryptographic keys used for authentication and encryption.

The Implications

[...]