Ars is reporting that there's a major silicon level vuln on AS Macs that allows a side channel attack to grab encryption keys and other cryptographic/decrypted data. Looks pretty bad :/
https://arstechnica.com/security/20...secret-encryption-keys-from-apples-mac-chips/
https://arstechnica.com/security/20...secret-encryption-keys-from-apples-mac-chips/
The flaw -- a side channel allowing end-to-end key extractions when Apple chips run implementations of widely used cryptographic protocols -- can't be patched directly because it stems from the microarchitectural design of the silicon itself. Instead, it can only be mitigated by building defenses into third-party cryptographic software that could drastically degrade M-series performance when executing cryptographic operations, particularly on the earlier M1 and M2 generations. The vulnerability can be exploited when the targeted cryptographic operation and the malicious application with normal user system privileges run on the same CPU cluster.