A group of researchers from US universities has discovered a vulnerability in Apple devices based on M1, M2 and M3 processors. It allows you to steal cryptographic keys, including those from crypto wallets.

To date, no cases of exploitation of the vulnerability have been recorded. However, the problem is that it is impossible to protect against it – users of devices on these processors can only delete cryptocurrency wallets. The vulnerability was fixed in M3 series processors in October last year, while instructions for developers on how to use the fix were posted on the Apple website only the other day.

The vulnerability is called GoFetch. A hacker exploiting the vulnerability could gain access to the CPU cache through memory prefetchers (DMPs) built into the chips. Scientists were able to confirm the possibility of using the vulnerability in practice in the Firestorm cores of the Apple M1 processor.

“As part of the attack, the attacker uses cache data to obtain information about the private key. At the same time, it does not have direct access to the memory of the cryptocurrency program, but can monitor the side effects available to it in the cache, for example, cache latency, and draw conclusions about the contents of the memory,” the researchers reported.

Earlier, Kaspersky Lab warned users of Apple devices about a new Trojan virus aimed at stealing cryptocurrencies.