They only mention that the fetching behaviour affected can be disabled on M3 by a special bit, but it sill suggests that M3 is fundamentally affected also just possibly to a lesser extent and to a lesser performance penalty.
@Cmaier : Appreciating that you are not working at Apple , but really just interested in getting your experienced take on this one...
At this stage in M4's development schedule (assuming readiness for a November release time frame) or even iPhone A18 in September / October time frame, would it be too late in the day to make small micro architectural security tweaks to the next apple silicon generation chips (assuming a fix is relatively small)?