A number of newer Apple devices are carrying a unique flaw, eerily reminiscent of Spectre/Meltdown, that could allow threat actors to steal sensitive data, experts have warned.
A team of researchers from the University of Illinois Urbana-Champaign, Tel Aviv University, and the University of Washington, have discovered a flaw in a feature unique to Apple silicon, called Data Memory-Dependent Prefetcher (DMP).
The flaw possibly affects a whole host of Apple silicon, including its own in-house M1 and M1 Max chips, the team has warned.
Not to worry
The idea behind DMP is to boost system performance by pre-fetching data, even before it’s needed – data that’s essentially at rest. Usually, due to security reasons, data would be limited and split between various compartments, and only pulled out when needed.
With DMP, data gets fetched in advance, and it’s this data that can be accessed by unauthorized third parties, similar to the Spectre/Meltdown flaw. With the latter, however, the silicon would try to speculate which data could be used in the near future, somewhat limiting the attack surface. With Apple’s DMP, the entire contents of the memory could be leaked.
The researchers named the flaw “Augury”. So far, Apple’s A14 System on Chip (SoC), found in 4th Gen iPad Air and 12th Gen iPhone devices, M1, and M1 Max were all found to be vulnerable. While they’re suspecting older silicon (M1 Pro, and M1 Ultra, for example) might also be vulnerable to Augury, they’ve yet only managed to showcase the flaw on these endpoints.
Apple is allegedly “fully aware” of the discoveries, which it has reportedly discussed with the researchers, but is yet to share any mitigations plans and patch timelines.
TechRadar Pro has reached out to Apple for comment.
Right now, there’s only so much to be worried about, the researchers are saying, as they haven’t demonstrated any end-to-end exploits with Augury techniques, yet. So, no malware – at least not right now.
“Currently, only pointers can be leaked, and likely only in the sandbox threat model,” they say. “If you are counting on ASLR in a sandbox, I’d be worried. Otherwise, be worried when the next round of attacks using Augury come out.”
Via: Tom’s Hardware
Reshared from www.techradar.com
Source: Read More