According to university researchers, a new kind of data vulnerability has been found that so far affects only Apple Silicon, potentially heightening the risk posed by attackers.
A research team from the University of Illinois Urbana-Champaign, Tel Aviv University, and the University of Washington has demonstrated a world-first Data Memory-Dependent Prefetcher (DMP) vulnerability, which has been given the name “Augury”.
In the words of Tom’s Hardware: “Augury takes advantage of Apple Silicon’s DMP feature. This prefetcher aims to improve system performance by being aware of the entire memory content, which allows it to improve system performance by pre-fetching data before it’s needed.
“Usually, memory access is limited and compartmentalized in order to increase system security, but Apple’s DMP prefetch can overshoot the set of memory pointers, allowing it to access and attempt a prefetch of unrelated memory addresses up to its prefetch depth.”
There are fears that attackers could potentially exploit the vulnerability to siphon off “at rest” data, which can be exposed without the need for the processing cores to access it. Apple’s DMP, in fact, can potentially leak the entire memory content, even if it isn’t being actively accessed.
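The overshoot described above can be pictured with a toy software model. This is an added example, not code from the article or the researchers. It touches no real hardware, and the array length, line count, prefetch depth and all function names are assumptions chosen for illustration.

```c
#include <stdbool.h>
#include <stdio.h>

#define LINES 32          /* constructed: cache lines a slot value can name */
#define ARRAY_LEN 8       /* pointer array the program legitimately walks */
#define PREFETCH_DEPTH 1  /* assumed depth, not a figure from the article */

typedef struct {
    int  slot[ARRAY_LEN + PREFETCH_DEPTH]; /* array plus adjacent at-rest data */
    bool cached[LINES];                    /* which lines are resident in cache */
} model_t;

/* Architectural access: the core loads slot i and dereferences it. */
static void core_deref(model_t *m, int i) {
    m->cached[m->slot[i]] = true;
}

/* Toy DMP: treats the slots just past the walked array as pointers and
 * prefetches their targets. The core itself never loads those slots. */
static void dmp_overshoot(model_t *m) {
    for (int i = ARRAY_LEN; i < ARRAY_LEN + PREFETCH_DEPTH; i++)
        m->cached[m->slot[i]] = true;
}

/* Returns the cache line that is resident without any core access
 * explaining it, or -1 if the cache holds only what the core touched. */
int unexplained_line(int at_rest_value, bool dmp_enabled) {
    if (at_rest_value < ARRAY_LEN || at_rest_value >= LINES)
        return -1;                         /* outside the modelled range */
    model_t m = {0};
    for (int i = 0; i < ARRAY_LEN; i++) m.slot[i] = i;  /* entry i -> line i */
    m.slot[ARRAY_LEN] = at_rest_value;     /* adjacent data, never read by the core */
    for (int i = 0; i < ARRAY_LEN; i++) core_deref(&m, i);
    if (dmp_enabled) dmp_overshoot(&m);
    for (int line = ARRAY_LEN; line < LINES; line++)
        if (m.cached[line]) return line;
    return -1;
}

int main(void) {
    /* 21 is a constructed at-rest value in the range ARRAY_LEN..LINES-1 */
    printf("DMP off: %d\n", unexplained_line(21, false));
    printf("DMP on:  %d\n", unexplained_line(21, true));
    return 0;
}
```

In the model, the resident line mirrors a value the program never loaded, which is why data sitting next to a pointer array counts as exposed even while it is at rest.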
As discovered by the researchers, the DMP solution is used in Apple’s A14 chip, which powers the iPad Air and iPhone 12, and is present in the M1 and M1 Max chips as well. Furthermore, the team has speculated that the same vulnerability is carried by the M1 Pro and M1 Ultra, although this hasn’t yet been demonstrated.
Fortunately, Apple is said to be fully aware of these researchers’ discoveries, and is hopefully looking into how the problem can be fixed. The researchers also sounded a note of reassurance, describing the issue as “right now not that bad.”