Apple's mobile and PC chips suffer from world's first data theft exploit

Several newer Apple devices have a unique flaw, eerily reminiscent of Spectre/Meltdown, that could allow threat actors to steal sensitive data, experts have warned.

A team of researchers from the University of Illinois Urbana-Champaign, Tel Aviv University, and the University of Washington have discovered a flaw in a unique feature of Apple Silicon called Data Memory-Dependent Prefetcher (DMP).

The flaw may affect a large share of Apple's silicon, including its in-house M1 and M1 Max chips, the team warned.

Do not worry

The idea behind DMP is to increase system performance by prefetching data before it is needed, data that is essentially at rest. Typically, for security reasons, data would be restricted, split across different compartments, and fetched only when needed.

With DMP, data is fetched in advance, and it is this data that can be viewed by unauthorized third parties, similar to the Spectre/Meltdown flaw. With the latter, however, the silicon would try to speculate what data might be used in the near future, which limits the attack surface somewhat. With Apple's DMP, all memory content could be leaked.

The researchers named the flaw "Augury." So far, Apple's A14 system-on-chip (SoC), found in the fourth-generation iPad Air and 12th-generation iPhone, as well as the M1 and M1 Max, have been found to be vulnerable. Although they suspect that older silicon (M1 Pro and M1 Ultra, for example) could also be vulnerable to Augury, so far they have only managed to demonstrate the flaw on these devices.

Apple is said to be "fully aware" of the findings, which it has discussed with researchers, but has not yet shared any mitigation plans or update timelines.

TechRadar Pro has contacted Apple for comment.

Right now, there's not much to worry about, the researchers say, because they haven't yet demonstrated end-to-end exploits using Augury techniques. So no malware, at least not yet.

"Currently, only indicators can be disclosed, and probably only in the sandbox threat model," they say. "If you're relying on ASLR in a sandbox, I'd be worried. If not, worry when the next set of attacks using Augury comes out."

Via: Tom's Hardware