According to university researchers, Apple Silicon has been exclusively hit with a new kind of data vulnerability, potentially heightening the risk posed by attackers.
A research team from the University of Illinois Urbana-Champaign, Tel Aviv University, and the University of Washington has demonstrated a world-first Data Memory-Dependent Prefetcher (DMP) vulnerability, which has been named "Augury".
In the words of Tom's Hardware: "Augury takes advantage of Apple Silicon's DMP feature. This prefetcher aims to improve system performance by being aware of the entire memory content, which allows it to improve system performance by pre-fetching data before it's needed.
"Usually, memory access is limited and compartmentalized in order to increase system security, but Apple's DMP prefetch can overshoot the set of memory pointers, allowing it to access and attempt a prefetch of unrelated memory addresses up to its prefetch depth."
There are fears that attackers could potentially exploit the vulnerability to siphon off "at rest" data, which can be exposed without the need for the processing cores to access it. Apple's DMP, in fact, can potentially leak the entire memory content, even if it isn't being actively accessed.
As discovered by the researchers, the DMP solution is used in Apple's A14 chip, which powers the iPad Air and iPhone 12, and is present in the M1 and M1 Max chips as well. Furthermore, the team has speculated that the same vulnerability is carried by the M1 Pro and M1 Ultra, although this hasn't yet been demonstrated.
Fortunately, Apple is said to be fully aware of these researchers' discoveries, and is hopefully looking into how the problem can be fixed. The researchers also sounded a note of reassurance, describing the issue as "right now not that bad."