Apple's PC and mobile chips suffer from world-first data theft exploit

(Image credit: Apple)

A number of newer Apple devices are carrying a unique flaw, eerily reminiscent of Spectre/Meltdown, that could allow threat actors to steal sensitive data, experts have warned.

A team of researchers from the University of Illinois Urbana-Champaign, Tel Aviv University, and the University of Washington, have discovered a flaw in a feature unique to Apple silicon, called Data Memory-Dependent Prefetcher (DMP).

The flaw possibly affects a whole host of Apple silicon, including its own in-house M1 and M1 Max chips, the team has warned.

Not to worry

The idea behind DMP is to boost system performance by pre-fetching data, even before it’s needed - data that’s essentially at rest. Usually, due to security reasons, data would be limited and split between various compartments, and only pulled out when needed.

With DMP, data gets fetched in advance, and it’s this data that can be accessed by unauthorized third parties, similar to the Spectre/Meltdown flaw. With the latter, however, the silicon would try to speculate which data could be used in the near future, somewhat limiting the attack surface. With Apple’s DMP, the entire contents of the memory could be leaked.

The researchers named the flaw “Augury”. So far, Apple’s A14 System on Chip (SoC), found in 4th Gen iPad Air and 12th Gen iPhone devices, M1, and M1 Max were all found to be vulnerable. While they’re suspecting older silicon (M1 Pro, and M1 Ultra, for example) might also be vulnerable to Augury, they’ve yet only managed to showcase the flaw on these endpoints.

> Spectre returns - Intel and ARM-based CPUs hit by serious vulnerability

> AMD forced to fix Spectre patch after Intel reveals flaws

> Intel Tiger Lake processors will thwart future Spectre and Meltdown attacks

Apple is allegedly “fully aware” of the discoveries, which it has reportedly discussed with the researchers, but is yet to share any mitigations plans and patch timelines.

TechRadar Pro has reached out to Apple for comment.

Right now, there’s only so much to be worried about, the researchers are saying, as they haven’t demonstrated any end-to-end exploits with Augury techniques, yet. So, no malware - at least not right now.

“Currently, only pointers can be leaked, and likely only in the sandbox threat model,” they say. “If you are counting on ASLR in a sandbox, I’d be worried. Otherwise, be worried when the next round of attacks using Augury come out.”

System flaws are often used to deploy malware. Protect your premises with the best solutions on the market

Via: Tom's Hardware

TOPICS

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.