Everything you Need to Know About GoFetch: A Hardware Security Flaw in Modern Macs

What is GoFetch?

GoFetch is a newly found security flaw affecting Mac computers released after 2020. Because the bug is found in the hardware and not any part of the computer’s firmware or BIOS, it looks very unlikely that Apple will be able to patch the issue with a software update. All of the affected processors use the Apple Silicon architecture, which includes the M1, M2, and M3 chips.

How do I Stay Safe?

Luckily, GoFetch cannot be exploited remotely without any prior access to the target machine. The best way to stay safe from a GoFetch attack is to only run software from trusted sources. For university-owned machines, make sure to only run software that has undergone BPM 12004 approval.

How can I Tell if I am Vulnerable?

The easiest way to tell if you are vulnerable to GoFetch is to reference the year your Mac was released. Any Mac model released during or after 2020 is vulnerable, because that is the year that Apple introduced the Apple Silicon processor architecture. If you aren’t sure what year your Mac model is from, it is easy to check. First, click the Apple icon in the top-left corner of the screen.

Once the drop-down menu appears, click “About This Mac.” Doing so should open a window with details about your Mac.

For example, underneath the header showing the type of Mac being used, the window might say “M2, 2022.” M2 is the processor type and 2022 is the model year. Any Mac reporting its chip as Apple M1, M2, or M3 is vulnerable to GoFetch.
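For IT staff checking many machines, the same check can be scripted. The following is an added example, not part of the original article: it reads the chip name from `sysctl -n machdep.cpu.brand_string` or from saved `system_profiler SPHardwareDataType` output and compares it with the chips named above. The function names, verdict labels, and sample report are constructed for illustration, and counting variants such as "Apple M1 Pro" with their base chip is an assumption.

```shell
#!/bin/sh
# Added example: scripted version of the "About This Mac" check.
# Verdict labels (listed-vulnerable, not-listed, unknown) are this example's own.

# Map a chip name to a verdict, using only the chips the article names.
classify_chip() {
    case "$1" in
        "")
            echo "unknown" ;;
        "Apple M1"|"Apple M2"|"Apple M3"|"Apple M1 "*|"Apple M2 "*|"Apple M3 "*)
            # Exact name, or a variant such as "Apple M1 Pro" (assumption).
            # The trailing space keeps a name like "Apple M10" from matching.
            echo "listed-vulnerable" ;;
        *)
            # Intel chips and chips the article does not mention land here.
            echo "not-listed" ;;
    esac
}

# Extract the chip name from `system_profiler SPHardwareDataType` text on stdin.
# Apple Silicon reports a "Chip:" line; Intel Macs report "Processor Name:".
chip_from_profiler() {
    sed -n -e 's/^ *Chip: *//p' -e 's/^ *Processor Name: *//p' | head -n 1
}

# Chip name of the machine running the script (empty when not on macOS).
local_chip() {
    if [ "$(uname -s)" = "Darwin" ]; then
        sysctl -n machdep.cpu.brand_string 2>/dev/null
    fi
}

# Constructed sample of a saved hardware report, so the script runs offline.
SAMPLE_REPORT='Hardware:

    Hardware Overview:

      Model Name: MacBook Air
      Chip: Apple M2
      Memory: 8 GB'

echo "sample report: $(classify_chip "$(printf '%s\n' "$SAMPLE_REPORT" | chip_from_profiler)")"
echo "this machine:  $(classify_chip "$(local_chip)")"
```

A "not-listed" result only means the chip is not one of the three named in this article; it is not a statement that the machine is unaffected.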

What are the Risks?

GoFetch allows a malicious process to access data reserved for other processes running on your machine. This could allow a malicious actor to extract arbitrary information from legitimate processes running on your computer, potentially including passwords and secret cryptographic keys. Attackers could use GoFetch to extract sensitive data, perform ransomware attacks, and get administrator access to your machine.

I Think I’ve Been Compromised. Now What?

It is important to contact IT if you believe your workstation has been compromised by any type of malware. Make a ticket or bring your machine to the help desk in the library; the technicians there can evaluate the threat and escalate it to IT Security if necessary. Until technicians have diagnosed and returned your computer, it is best to keep potentially infected machines turned off and isolated from the campus network.