Skip to main content
  1. Home
  2. Computing
  3. News

Digital Trends may earn a commission when you buy through links on our site. Why trust us?

Researchers find new vulnerability with Apple Silicon chips

By

Researchers have released details of an Apple Silicon vulnerability dubbed “Augury.” However, it doesn’t seem to be a huge issue at the moment.

Jose Rodrigo Sanchez Vicarte from the University of Illinois at Urbana-Champaign and Michael Flanders of the University of Washington published their findings of a flaw within Apple Silicon. The vulnerability itself is due to a flaw in Apple’s implementation of the Data-Memory Dependent Prefetcher (DMP).

Recommended Videos

In short, a DMP looks at memory to determine what content to “prefetch” for the CPU. The researchers found that Apple’s M1, M1 Max, and A14 chips used an “array of pointers” pattern that loops through an array and dereferences the contents.

Related: 
Best new movies to stream on Netflix, Hulu, Prime Video, Max (HBO), and more

This could possibly leak data that’s not read because it gets dereferenced by the prefetcher. Apple’s implementation is different from a traditional prefetcher as explained by the paper.

“Once it has seen *arr[0] … *arr[2] occur (even speculatively!) it will begin prefetching *arr[3] onward. That is, it will first prefetch ahead the contents of arr and then dereference those contents. In contrast, a conventional prefetcher would not perform the second step/dereference operation.”

Because the CPU cores never read the data, defenses that try to track access to the data don’t work against the Augery vulnerability.

David Kohlbrenner, assistant professor at the University of Washington, downplayed the impact of Augery, noting that Apple’s DMP “is about the weakest DMP an attacker can get.”

The good news here is that this is about the weakest DMP an attacker can get. It only prefetches when content is a valid virtual address, and has number of odd limitations. We show this can be used to leak pointers and break ASLR.

We believe there are better attacks possible.

— David Kohlbrenner (@dkohlbre) April 29, 2022

For now, researchers say that only the pointers can be accessed and even then via the research sandbox environment used to research the vulnerability. Apple was also notified about the vulnerability before the public disclosure, so a patch is likely incoming soon.

Apple issued a March 2022 patch for MacOS Monterey that fixed some nasty Bluetooth and display bugs. It also patched two vulnerabilities that allowed an application to execute code with kernel-level privileges.

Other critical fixes to Apple’s desktop operating system include one that patched a vulnerability that exposed browsing data in the Safari browser.

Finding bugs in Apple’s hardware can sometimes net a pretty profit. A Ph.D. student from Georgia Tech found a major vulnerability that allowed unauthorized access to the webcam. Apple handsomely rewarded him about $100,000 for his efforts.

David Matthews
David Matthews
Former Computing Writer
David is a freelance journalist based just outside of Washington D.C. specializing in consumer technology and gaming. He has…
Topics

Editors’ Recommendations

Apple’s AI-focused M5 chip enters mass production
MacBook Pro with M4

Apple has begun the mass production of its M5 chip, which is set to power next-generation products, including the upcoming Mac series and iPad. Coinciding with long-standing reports, the Cupertino-based tech brand is establishing a new node process for packaging the semiconductor. The technology is intended to provide improved AI performance on the devices it powers, according to ETnews.

Industry sources told the Korean publication that Apple began packaging the M5 chip last month. Taiwan's TSMC began the initial production of the M5 chip circuit using its 3nm process (N3P). The technology is expected to improve the power efficiency of the M5 chip by between 5% and 10%, and performance by 5% in comparison to the previous M4 chip, which will aid in improving AI performance on upcoming Mac and iPad models.

Read more
Apple isn’t addressing hardware threat to M-series Macs
A person running Steam on the M4 MacBook Pro. Rocket League is up on the screen

Security researchers have discovered new security flaws affecting Apple devices with M2 or A15 chips and onwards. This includes iPhones, iPads, Mac laptops, and Mac desktops. The vulnerabilities, dubbed SLAP and FLOP and first reported by Bleeping Computer, could allow attackers to read information from a user’s open web tabs. Depending on the tabs you have open, this could put sensitive data like passwords and banking information at risk. 

This isn’t a software problem, but rather a hardware flaw that affects CPUs and leaves them vulnerable to side channel attacks. This kind of exploit measures CPU activity and uses factors like power consumption, timing, and sound to infer information about the user’s behavior. The Spectre and Meltdown flaws from 2018 worked in a similar way.

Read more
Apple M5: Everything we know about Apple’s next-generation chip
A person uses an Apple Mac Studio and a Studio Display monitor at a desk.

With a new MacBook Air just around the corner, Apple is still in the process of rolling out its range of M4 chips. But that hasn’t stopped speculation mounting about the upcoming M5 chip -- which is due to arrive later this year -- along with all of the benefits it might bring.

Wondering what that might entail? You’re in the right place, as we’ve put together everything we know about Apple’s M5 chip, from the Macs it’ll come to and the performance you can expect to what’s rumored for the high-end chips in the M5 roster. Read on to get the lowdown.
Price and release date

Read more