Skip to main content
  1. Home
  2. Computing
  3. News

Digital Trends may earn a commission when you buy through links on our site. Why trust us?

Researchers find new vulnerability with Apple Silicon chips

Add as a preferred source on Google

Researchers have released details of an Apple Silicon vulnerability dubbed “Augury.” However, it doesn’t seem to be a huge issue at the moment.

Jose Rodrigo Sanchez Vicarte from the University of Illinois at Urbana-Champaign and Michael Flanders of the University of Washington published their findings of a flaw within Apple Silicon. The vulnerability itself is due to a flaw in Apple’s implementation of the Data-Memory Dependent Prefetcher (DMP).

Recommended Videos

In short, a DMP looks at memory to determine what content to “prefetch” for the CPU. The researchers found that Apple’s M1, M1 Max, and A14 chips used an “array of pointers” pattern that loops through an array and dereferences the contents.

This could possibly leak data that’s not read because it gets dereferenced by the prefetcher. Apple’s implementation is different from a traditional prefetcher as explained by the paper.

“Once it has seen *arr[0] … *arr[2] occur (even speculatively!) it will begin prefetching *arr[3] onward. That is, it will first prefetch ahead the contents of arr and then dereference those contents. In contrast, a conventional prefetcher would not perform the second step/dereference operation.”

Because the CPU cores never read the data, defenses that try to track access to the data don’t work against the Augery vulnerability.

David Kohlbrenner, assistant professor at the University of Washington, downplayed the impact of Augery, noting that Apple’s DMP “is about the weakest DMP an attacker can get.”

The good news here is that this is about the weakest DMP an attacker can get. It only prefetches when content is a valid virtual address, and has number of odd limitations. We show this can be used to leak pointers and break ASLR.

We believe there are better attacks possible.

— David Kohlbrenner (@dkohlbre) April 29, 2022

For now, researchers say that only the pointers can be accessed and even then via the research sandbox environment used to research the vulnerability. Apple was also notified about the vulnerability before the public disclosure, so a patch is likely incoming soon.

Apple issued a March 2022 patch for MacOS Monterey that fixed some nasty Bluetooth and display bugs. It also patched two vulnerabilities that allowed an application to execute code with kernel-level privileges.

Other critical fixes to Apple’s desktop operating system include one that patched a vulnerability that exposed browsing data in the Safari browser.

Finding bugs in Apple’s hardware can sometimes net a pretty profit. A Ph.D. student from Georgia Tech found a major vulnerability that allowed unauthorized access to the webcam. Apple handsomely rewarded him about $100,000 for his efforts.

David Matthews
David is a freelance journalist based just outside of Washington D.C. specializing in consumer technology and gaming. He has…
This free Mac app lets you lock individual apps with Face Unlock and Touch ID
Someone finally built the app locker every Mac user has been asking for.
FaceGate in action on Mac

If you have ever handed your Mac to a friend, family member, or coworker for "just a minute," you know the mild panic that follows. Sure, your Mac has a lock screen, but once someone is past it, they can open Messages, Photos, Notes, Mail, WhatsApp, and your browser.

iPhones had the same issue, but Apple solved it by adding an app lock feature with the iOS 18 update. Sadly, no such feature exists for macOS. That’s where the new FaceGate app for Mac can help you. It’s a free and open-source app that lets you lock apps on your Mac and even has some novel tricks up its sleeve. So, let’s talk about it, shall we?

Read more
The charm of a tiny Windows tablet is apparently at Microsoft. Long live the Surface Go!
Microsoft’s budget Surface era may be over
Microsoft Surface Go 3 stand.

Microsoft might be cleaning up its Surface lineup. According to Windows Central, Microsoft has stopped manufacturing the Surface Go and Surface Laptop Go lines, with no successors currently planned. Surface Go 4 and Surface Laptop Go 3 are reportedly out of stock in most places, and once remaining retail stock is gone, that may be it.

If this is true, then we are looking at the end of the brand's budget Surface PCs as Microsoft has plenty of premium Windows hardware.

Read more
Gemini Spark lands on the Mac, and it wants to tackle your chores while you relax
From messy downloads to date night reservations, Spark is here to lighten your load.
Gemini Spark mac app

Google has just announced a big batch of updates for Gemini Spark, making the assistant far more useful than before. Gemini Spark is finally coming to the Mac desktop app, bringing deeper app connections and a new way to keep tabs on what you care about. Let us break it down.

What can Spark do on your Mac now?

Read more