
‘Unpatchable’ flaw in Apple M-series chip may allow access to private keys

The discovery of a severe vulnerability in Apple’s M-series chips, as revealed by academics, poses a significant threat to the security of Mac devices. This vulnerability, categorized as a side-channel exploit, allows malicious actors to access confidential encryption keys used in cryptographic protocols executed by Apple chips.

Unlike typical vulnerabilities that can be addressed through software patches, this flaw is inherent to the microarchitectural design of the M-series chips, making it “unpatchable.” As a result, mitigating the vulnerability would require the adoption of third-party cryptographic software, which could potentially degrade the performance of the affected chips.

This discovery underscores a significant challenge for Apple’s hardware security infrastructure and raises concerns about the potential exploitation of sensitive information stored on Mac devices. If exploited, hackers could intercept memory access patterns to extract encryption keys, compromising the security of cryptographic applications and the confidentiality of user data.

Addressing this vulnerability will require coordinated efforts from Apple and the broader cybersecurity community to develop effective mitigation strategies and protect users from potential security threats. In the meantime, users should remain vigilant and implement additional security measures to safeguard their devices and data.

The discovery of the “GoFetch” exploit by researchers has raised concerns among Mac users regarding the security of their password keychains. This exploit operates within the user environment and can be executed with standard user privileges, similar to those required by regular applications.


Some users in online Mac forums have expressed varying degrees of concern and opinions about the potential impact of this vulnerability. While some believe that Apple will address the issue directly within its operating system to mitigate the problem, others point out that Apple may have been aware of this flaw for some time, as indicated by the addition of an instruction to disable DMP in the upcoming M3 chip. Previous research on similar vulnerabilities, dating back to 2022, has also been referenced in discussions.

This discovery coincides with Apple facing significant legal challenges, including an extensive antitrust lawsuit filed by the U.S. Department of Justice (DOJ). The lawsuit alleges that Apple’s app store rules and alleged monopoly practices have stifled competition and innovation. Additionally, the DOJ claims that Apple has restricted access to competing digital wallets and prevented developers from offering their own payment services to users, further exacerbating the antitrust allegations against the tech giant.

Vitalik Buterin supports ‘rainbow staking’ to fight centralization issues

Buterin stated that one of the critical problems with Ethereum’s proof-of-stake (PoS) is potential centralization. He supported the concept of rainbow staking, initially introduced in February by Barnabé Monnot of the Ethereum Foundation. The proposed mechanism is designed to motivate all categories of service providers, both individual and professional, to participate.

One of the developer’s main ideas is to consolidate the existing division into “operators” and “delegators,” and to introduce classes of “heavy” and “light” services with different levels of responsibility and income.


In his speech, Buterin drew attention to a category he called “lazy stakers”. Its representatives own 32 Ethereum (ETH), the minimum threshold for the validator to operate. Typically, such a group uses pools and liquid staking instruments. The Ethereum founder believes stakeholders could opt for individual staking to reduce centralization risks.

Buterin also noted that users were repeatedly told not to use Lido Finance, yet its total value locked (TVL) is now $34.3 billion, making it the largest Ethereum validator, controlling more than 30% of assets. Other major providers of liquid staking services include Binance and Coinbase, which are major crypto exchanges.

In October 2023, Buterin proposed staking changes aimed at reducing Ethereum’s centralization. He expressed concern about asset distribution among Ethereum liquid staking providers. At that time, the liquid pool of the Lido Finance platform controlled more than 70% of Ethereum in staking, although the asset is distributed among various validators.

 
