Industries

All industriesAgricultureAutomotiveConstruction & EngineeringEducationEnergy & MiningEntrepreneurshipESG & SustainabilityFinanceHealthcareHR & ManagementICTLegalLifestyleLogistics & TransportManufacturingMarketing & MediaPropertyRetailTourism & Travel

Special Sections

BizTrendsPendoringIMC ConferenceLoeriesWomen's MonthCannes LionsOrchids and Onions#StartupStoryMore Sections..

In the news

BET SoftwareOppoIrvine PartnersRichfield Graduate Institute of TechnologyTopco MediaESETEnquire about a company Biz Press Office

News

Industries

Companies

Jobs

Events

People

Video

Audio

Galleries

My Biz

Ads & Rates

Submit content

My Account

Cybersecurity News South Africa

Subscribe

Trending

2 days 7 days 30 days By Industry

Elections 2024

Siviwe Gwarube tells us why the DA could help South Africa succeed!

Siviwe Gwarube tells us why the DA could help South Africa succeed!

sona.co.za

Advertise your job ad
    Submit a job ad >>
    Search jobs

    Jobs

    More jobsSubmit a jobOpen account

    How the 'GoFetch' attack could target your Mac

    Lindsey SchuttersBy Lindsey Schutters
    25 Mar 2024
    25 Mar 2024
    A newly discovered security flaw called GoFetch has Apple device users concerned. It's a sophisticated attack that targets the way recent Apple devices (those with M1, M2, M3, or A14 chips) handle information. Think of it like a program sneakily peeking into your computer's temporary memory to steal sensitive data involved in password protection and other security measures.
    Apple has found success with its Macs after moving to homebaked silicon because of the incredible battery endurance. Source: Apple Newsroom
    Apple has found success with its Macs after moving to homebaked silicon because of the incredible battery endurance. Source: Apple Newsroom

    Why does it matter? If successful, GoFetch could allow hackers to extract secret login details and other highly secure information from your Mac. The exploit targets the CPU’s on-chip data memory-dependent prefetcher (DMP) and is relatively unfixable on older processors.

    How difficult is it? While serious, it's not a simple attack. It takes significant technical skill and the ability to run a malicious program on your device.

    Qualcomm sets sights on Apple M2 laptops with Snapdragon X Elite
    Qualcomm sets sights on Apple M2 laptops with Snapdragon X Elite

      25 Oct 2023

    How it works

    Memory hunt Apple’s M-series processors try to be helpful by predicting what data you might need next and loading it in advance. GoFetch exploits this feature.

    Hunting for secrets The attack program looks for patterns in this pre-loaded data, things that resemble the way secure cryptographic keys (think of them like ultra-complex passwords) are constructed.

    Timing is everything GoFetch uses precise timing measurements to extract bits and pieces of those security keys, essentially piecing them together over time.

    While the GoFetch attack can potentially extract cryptographic keys from systems using Apple CPUs, it doesn’t directly relate to the functionality of Touch ID. There’s also no information available that suggests the GoFetch attack can be used to bypass Apple ID authentication or break into a Mac.

    Are you at risk?

    The flaw is specific to Apple's M1-series and A14 chips, so Intel-based Macs and other devices aren't affected.

    The attack needs a malicious program running directly on your Mac. This isn't something that can easily happen remotely.

    This isn't something the average person needs to lose sleep over, but staying vigilant is always wise. IT departments overseeing enterprise Mac fleets, however, should caution users about malicious actors.

    Protect yourself

    While the vulnerability is tied to hardware function and design, Apple is likely working on a fix for the M3 processors – which can have the DMP turned off. Users should install security updates as soon as possible.

    Avoid downloading software from dodgy sources or opening suspicious attachments – basic cybersecurity is still key.

    If you handle particularly sensitive information on your Mac, consulting a cybersecurity expert might provide peace of mind.

    GoFetch is a reminder no device is completely invulnerable. Awareness and smart practices are your best defence.

    Read more: Cybersecurity, Apple, MacBook Pro, Lindsey Schutters
    NextOptions

    About Lindsey Schutters

    Lindsey is the editor for ICT, Construction&Engineering and Energy&Mining at Bizcommunity

    Related

    5 ways your small business can strengthen its cybersecurity defence
    5 ways your small business can strengthen its cybersecurity defence
     1 day
    If the Anglo American buyout is completed, BHP Group will be a dominant player in critical minerals for the global energy transition.
    BHP eyes global copper dominance with Anglo American buyout
     2 days
    Gareth Clarke, Realme South Africa account lead, addresses the crowd at the Cape Town launch event.
    Realme sets sights on SA market with budget friendly, feature rich phones
     2 days
    Claimants in the Kabwe lead poisoning case will be escalating the ongoing dispute with Anglo American to the SCA
    Claimant lawyers accuse Anglo of ‘shocking indifference’ to Kabwe case
     23 Apr 2024
    Meta has unleashed its AI assistant into all of its social media apps.
    Meta slides AI assistant into DMs in 7 African countries
     22 Apr 2024
    Source: Aleksandar Pasaric/Pexels
    Anglo maintains innocence as Kabwe claimants given leave to appeal
     22 Apr 2024
    Sibanye-Stillwater's Marikana complex has faced the brunt of the PGM crisis
    Sibanye-Stillwater faces PGM headwinds, cuts jobs at ageing mine
     19 Apr 2024
    The Western Cape Alternative Energy Support Programme, has allocated R12.5M for Solar PV in trading and township hubs, helping 50+ businesses stay open.
    Western Cape initiative keeps small businesses afloat during power cuts
     19 Apr 2024
    More industry news

    Next
    Let's do Biz