Skip to main content

Digital Trends may earn a commission when you buy through links on our site. Why trust us?

Researchers find new vulnerability with Apple Silicon chips

Researchers have released details of an Apple Silicon vulnerability dubbed “Augury.” However, it doesn’t seem to be a huge issue at the moment.

Jose Rodrigo Sanchez Vicarte from the University of Illinois at Urbana-Champaign and Michael Flanders of the University of Washington published their findings of a flaw within Apple Silicon. The vulnerability itself is due to a flaw in Apple’s implementation of the Data-Memory Dependent Prefetcher (DMP).

In short, a DMP looks at memory to determine what content to “prefetch” for the CPU. The researchers found that Apple’s M1, M1 Max, and A14 chips used an “array of pointers” pattern that loops through an array and dereferences the contents.

This could possibly leak data that’s not read because it gets dereferenced by the prefetcher. Apple’s implementation is different from a traditional prefetcher as explained by the paper.

“Once it has seen *arr[0] … *arr[2] occur (even speculatively!) it will begin prefetching *arr[3] onward. That is, it will first prefetch ahead the contents of arr and then dereference those contents. In contrast, a conventional prefetcher would not perform the second step/dereference operation.”

Because the CPU cores never read the data, defenses that try to track access to the data don’t work against the Augery vulnerability.

David Kohlbrenner, assistant professor at the University of Washington, downplayed the impact of Augery, noting that Apple’s DMP “is about the weakest DMP an attacker can get.”

The good news here is that this is about the weakest DMP an attacker can get. It only prefetches when content is a valid virtual address, and has number of odd limitations. We show this can be used to leak pointers and break ASLR.

We believe there are better attacks possible.

— David Kohlbrenner (@dkohlbre) April 29, 2022

For now, researchers say that only the pointers can be accessed and even then via the research sandbox environment used to research the vulnerability. Apple was also notified about the vulnerability before the public disclosure, so a patch is likely incoming soon.

Apple issued a March 2022 patch for MacOS Monterey that fixed some nasty Bluetooth and display bugs. It also patched two vulnerabilities that allowed an application to execute code with kernel-level privileges.

Other critical fixes to Apple’s desktop operating system include one that patched a vulnerability that exposed browsing data in the Safari browser.

Finding bugs in Apple’s hardware can sometimes net a pretty profit. A Ph.D. student from Georgia Tech found a major vulnerability that allowed unauthorized access to the webcam. Apple handsomely rewarded him about $100,000 for his efforts.

Editors' Recommendations

David Matthews
David is a freelance journalist based just outside of Washington D.C. specializing in consumer technology and gaming. He has…
It’s time for Apple to finally kill the Mac Pro for good
A close-up of Apple's Mac Pro from 2019 showing the front "cheesegrater" grill and top handle.

The Mac Pro has always been the cream of the crop in terms of performance. That's why its transition to Apple Silicon has been so highly anticipated over these past couple years.

But with the latest reports pointing to yet another delay, it's time to get serious about whether or not an Apple Silicon Mac Pro make any sense at all in the new lineup Apple has created. Given the situation, maybe it's time for Apple to kiss this design goodbye for good.

Read more
New leak reveals exactly how Apple’s VR headset will work
A man using a virtual reality headset with controllers.

Apple’s forthcoming Reality Pro headset hasn’t even launched, yet it’s already been plagued by negative stories and general skepticism about its prospects. Yet a new report claims Apple is going to come out swinging with a full gamut of blockbuster apps and games for its high-end device, all in an attempt to win over wary customers.

First reported by Bloomberg journalist Mark Gurman, Apple is apparently building a host of apps and experiences that will entice people to shell out around $3,000 for the mixed-reality headset. These will include games, workouts, collaboration tools, and much more, with a mixture of virtual reality (VR) and augmented reality (AR) options.

Read more
9 new Apple products that could launch in 2023
The back of the iPhone 14 Pro Max.

As it currently stands, 2023 has already been a busy year for Apple. The company launched a new yellow iPhone 14, brought back the HomePod, and refreshed its Mac lineup with an M2 Mac mini and M2 MacBook Pro. But what else is on the docket? As it turns out, a lot more. From new iPhones, an upgraded Apple Watch, and possibly an AR headset, here are nine products we still expect from Apple in 2023.
iPhone 15 and iPhone 15 Pro

If there is any Apple product with an upgrade cycle that’s literally like clockwork, it’s the iPhone, which is always out in the fall. This year, we can expect the iPhone 15 lineup to include an iPhone 15, iPhone 15 Plus, iPhone 15 Pro, and iPhone 15 Pro Max. However, it is rumored that the iPhone 15 will have a bigger 6.2-inch display this year, but the rest of the lineup will have the same sizes as before.

Read more