Skip to main content
  1. Home
  2. Computing
  3. News

Digital Trends may earn a commission when you buy through links on our site. Why trust us?

Researchers find new vulnerability with Apple Silicon chips

By

Researchers have released details of an Apple Silicon vulnerability dubbed “Augury.” However, it doesn’t seem to be a huge issue at the moment.

Jose Rodrigo Sanchez Vicarte from the University of Illinois at Urbana-Champaign and Michael Flanders of the University of Washington published their findings of a flaw within Apple Silicon. The vulnerability itself is due to a flaw in Apple’s implementation of the Data-Memory Dependent Prefetcher (DMP).

Recommended Videos

In short, a DMP looks at memory to determine what content to “prefetch” for the CPU. The researchers found that Apple’s M1, M1 Max, and A14 chips used an “array of pointers” pattern that loops through an array and dereferences the contents.

Related

This could possibly leak data that’s not read because it gets dereferenced by the prefetcher. Apple’s implementation is different from a traditional prefetcher as explained by the paper.

“Once it has seen *arr[0] … *arr[2] occur (even speculatively!) it will begin prefetching *arr[3] onward. That is, it will first prefetch ahead the contents of arr and then dereference those contents. In contrast, a conventional prefetcher would not perform the second step/dereference operation.”

Because the CPU cores never read the data, defenses that try to track access to the data don’t work against the Augery vulnerability.

David Kohlbrenner, assistant professor at the University of Washington, downplayed the impact of Augery, noting that Apple’s DMP “is about the weakest DMP an attacker can get.”

The good news here is that this is about the weakest DMP an attacker can get. It only prefetches when content is a valid virtual address, and has number of odd limitations. We show this can be used to leak pointers and break ASLR.

We believe there are better attacks possible.

— David Kohlbrenner (@dkohlbre) April 29, 2022

For now, researchers say that only the pointers can be accessed and even then via the research sandbox environment used to research the vulnerability. Apple was also notified about the vulnerability before the public disclosure, so a patch is likely incoming soon.

Apple issued a March 2022 patch for MacOS Monterey that fixed some nasty Bluetooth and display bugs. It also patched two vulnerabilities that allowed an application to execute code with kernel-level privileges.

Other critical fixes to Apple’s desktop operating system include one that patched a vulnerability that exposed browsing data in the Safari browser.

Finding bugs in Apple’s hardware can sometimes net a pretty profit. A Ph.D. student from Georgia Tech found a major vulnerability that allowed unauthorized access to the webcam. Apple handsomely rewarded him about $100,000 for his efforts.

Editors’ Recommendations

Topics
David Matthews
David Matthews
Former Digital Trends Contributor
David is a freelance journalist based just outside of Washington D.C. specializing in consumer technology and gaming. He has…
Apple did the unthinkable with the new M4 chip
Apple introducing the new M4 chip.

Apple is doing something crazy with its new M4 chip. Although we're used to seeing new Apple silicon debut in Macs, Apple is bringing the M4 chip to the new iPad Pro first. The updated chip, which comes with an entirely new CPU architecture, builds on the GPU found in the M3 chip with ray tracing, mesh shading, and Apple's special Dynamic Cache.

With the M4, Apple says the new iPad Pro can deliver the same performance as a thin-and-light PC while using only a quarter of the power. That's due in no small part to the 3nm architecture the chip uses. The power envelope, according to Apple's claims, is all the more impressive considering the iPad Pro doesn't have any active cooling.

Read more
Apple has backed itself into a corner
Apple iPad Pro 11 with Apple Magic Keyboard.

Apple is rumored to finally be updating its new iPads at its forthcoming May 7 event. While this may come as a relief to anyone who’s been patiently waiting to upgrade their iPad Pro or iPad Air, a new report has thrown the whole situation into confusion.

That’s because the latest Power On newsletter from Bloomberg reporter Mark Gurman claims that the upcoming iPad Pro will contain an Apple M4 chip. On first blush, that doesn’t seem all that unusual -- the iPad Pro has come with an Apple silicon chip for years, after all. But here’s the wrinkle: this launch plan would mean the iPad will get an M4 chip before the Mac, and that has all kinds of weird implications. By delaying the iPad for so long, it looks like Apple has left itself with a very odd update cycle for its chips this time around.
The end of the M3 Ultra?

Read more
Apple already has its next big chip, but you may never see it
Apple Mac Studio top down view showing PC and keyboard.

Apple’s M3 series of chips has been a major improvement over what came before it, with users feeling the benefits across the Mac range. The only chip missing from the lineup is the M3 Ultra, which is reserved for Apple’s high-end Mac Studio and Mac Pro devices.

We’ve been hearing that Apple is thinking of shifting to an annual release cycle for its Mac chips, and with the M2 Ultra having made its debut in June 2023, everyone has been gearing up to see the M3 edition launching this summer.

Read more