Researchers Unpack GoFetch Vulnerability on Apple M-Series and Intel Raptor Lake CPUs
ICARO Media Group
This security flaw takes advantage of data memory-dependent prefetchers (DMPs) and, like speculative execution vulnerabilities such as Spectre, turns a performance feature into a potential attack vector.
The researchers have now provided additional details on the GoFetch exploit. By abusing the DMP, data can be leaked from a core's cache, as demonstrated on a dedicated GoFetch website. In a sped-up video, 560 bits of data are shown being leaked from an RSA-protected server within minutes.
Although the GoFetch vulnerability is comparable to Spectre and Meltdown, which also stem from performance-boosting prediction features and can be patched at the software level by disabling the speculative feature, the researchers have found that this is impossible for M1 and M2 CPUs.
The researchers also addressed the common question of whether the DMP can be disabled. They explained that while it is possible on some processors, such as the M3, where the DIT (Data Independent Timing) bit effectively disables the DMP, the same approach does not work for M1 and M2 chips. Thus, a software patch can resolve GoFetch for M3 and Raptor Lake CPUs, while M1 and M2 chips remain vulnerable.
Disabling a performance-enhancing feature because it leaks data presents a significant challenge. One workaround suggested by the GoFetch paper is to blind the DMP to sensitive data, that is, to mask secret values whenever they are stored to or loaded from memory. However, implementing this approach would require extensive code revisions and could introduce performance penalties in certain cases.
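One way to realise the blinding the paper describes, written here as an added C example that is not code from the GoFetch paper or from any vendor: secrets are kept in memory only as secret XOR mask and unmasked at the point of use. The helper names, sample secret words and mask constants are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
/* Blinded storage for a 256-bit secret (e.g. private-key limbs): only
 * secret XOR mask ever sits in memory, so a prefetcher scanning memory
 * for pointer-looking words sees mask-randomised values, not the secret. */
#define SECRET_WORDS 4
typedef struct {
    uint64_t mask;                  /* per-secret random mask */
    uint64_t blinded[SECRET_WORDS]; /* secret[i] ^ mask */
} blinded_secret_t;
/* Store in blinded form. `mask` must come from a CSPRNG in production
 * (getrandom(2) on Linux, arc4random_buf(3) on macOS); tests use a constant. */
void blind_store(blinded_secret_t *out,
                 const uint64_t secret[SECRET_WORDS], uint64_t mask)
{
    out->mask = mask;
    for (size_t i = 0; i < SECRET_WORDS; i++)
        out->blinded[i] = secret[i] ^ mask;
}
/* Unblind one word at its point of use. C cannot guarantee the result
 * stays in a register; check the generated assembly for stack spills. */
uint64_t blind_load(const blinded_secret_t *s, size_t i)
{
    return s->blinded[i] ^ s->mask;
}
/* Re-randomise the mask without materialising the raw secret:
 * blinded ^ (old_mask ^ new_mask) == secret ^ new_mask. */
void blind_refresh(blinded_secret_t *s, uint64_t new_mask)
{
    uint64_t delta = s->mask ^ new_mask;
    for (size_t i = 0; i < SECRET_WORDS; i++)
        s->blinded[i] ^= delta;
    s->mask = new_mask;
}
/* Self-check with a constructed secret (word 0 resembles a user-space
 * address): returns 1 if no raw word hits memory and loads round-trip. */
int blinding_self_check(void)
{
    const uint64_t secret[SECRET_WORDS] = { 0x0000000104a3c000ULL,
        0x6a09e667f3bcc908ULL, 0xbb67ae8584caa73bULL, 0x3c6ef372fe94f82bULL };
    blinded_secret_t s;
    blind_store(&s, secret, 0x9e3779b97f4a7c15ULL);
    for (size_t i = 0; i < SECRET_WORDS; i++)
        if (s.blinded[i] == secret[i] || blind_load(&s, i) != secret[i]) return 0;
    blind_refresh(&s, 0xd1b54a32d192ed03ULL);
    for (size_t i = 0; i < SECRET_WORDS; i++)
        if (blind_load(&s, i) != secret[i]) return 0;
    return 1;
}
```

The masking alone does not make the code correct against GoFetch: every unblinded copy the compiler spills to the stack reintroduces a secret-dependent word in memory, which is why the paper warns that the approach needs extensive code revision.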
Nevertheless, the researchers have identified a workaround that does not involve code rewrites. Apple's M-series CPUs contain two types of cores: Firestorm (performance) cores and Icestorm (efficiency) cores. The GoFetch exploit specifically targets the Firestorm cores, including those in M1 and M2 CPUs. To mitigate the vulnerability, the GoFetch paper recommends running cryptographic work exclusively on the Icestorm cores, although this may reduce performance.
It is essential to address such vulnerabilities promptly to safeguard sensitive data on affected processors. The findings of the researchers shed light on the nature of the GoFetch exploit and provide recommendations for mitigating the risk until a comprehensive solution is developed.