Apple's PC and mobile chips suffer from world-first data theft exploit

News
By Sead Fadilpašić
published

Unique chips, unique vulnerabilities

Apple M1
(Image credit: Apple)

A number of newer Apple devices are carrying a unique flaw, eerily reminiscent of Spectre/Meltdown, that could allow threat actors to steal sensitive data, experts have warned.

A team of researchers from the University of Illinois Urbana-Champaign, Tel Aviv University, and the University of Washington, have discovered a flaw in a feature unique to Apple silicon, called Data Memory-Dependent Prefetcher (DMP).

The flaw possibly affects a whole host of Apple silicon, including its own in-house M1 and M1 Max chips, the team has warned.

Image

<a href="https://polls.futureplc.com/poll/2022-cybersecurity-survey" data-link-merchant="polls.futureplc.com"" target="_blank">Share your thoughts on Cybersecurity and get a free copy of the Hacker's Manual 2022. Help us find how businesses are preparing for the post-Covid world and the implications of these activities on their cybersecurity plans. Enter your email at the <a href="https://polls.futureplc.com/poll/2022-cybersecurity-survey" data-link-merchant="polls.futureplc.com"" data-link-merchant="polls.futureplc.com"" target="_blank">end of this survey to get the bookazine, worth $10.99/£10.99.

Not to worry

The idea behind DMP is to boost system performance by pre-fetching data, even before it’s needed - data that’s essentially at rest. Usually, due to security reasons, data would be limited and split between various compartments, and only pulled out when needed.

With DMP, data gets fetched in advance, and it’s this data that can be accessed by unauthorized third parties, similar to the Spectre/Meltdown flaw. With the latter, however, the silicon would try to speculate which data could be used in the near future, somewhat limiting the attack surface. With Apple’s DMP, the entire contents of the memory could be leaked. 

The researchers named the flaw “Augury”. So far, Apple’s A14 System on Chip (SoC), found in 4th Gen iPad Air and 12th Gen iPhone devices, M1, and M1 Max were all found to be vulnerable. While they’re suspecting older silicon (M1 Pro, and M1 Ultra, for example) might also be vulnerable to Augury, they’ve yet only managed to showcase the flaw on these endpoints

Read more

> Spectre returns - Intel and ARM-based CPUs hit by serious vulnerability

> AMD forced to fix Spectre patch after Intel reveals flaws

> Intel Tiger Lake processors will thwart future Spectre and Meltdown attacks

Apple is allegedly “fully aware” of the discoveries, which it has reportedly discussed with the researchers, but is yet to share any mitigations plans and patch timelines. 

TechRadar Pro has reached out to Apple for comment.

Right now, there’s only so much to be worried about, the researchers are saying, as they haven’t demonstrated any end-to-end exploits with Augury techniques, yet. So, no malware - at least not right now.

“Currently, only pointers can be leaked, and likely only in the sandbox threat model,” they say. “If you are counting on ASLR in a sandbox, I’d be worried. Otherwise, be worried when the next round of attacks using Augury come out.”

Via: Tom's Hardware

Sead Fadilpašić
Sead Fadilpašić

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.