Researchers find flaw in Apple Silicon chips, but it’s not ‘that bad’

Researchers have discovered a microarchitectural flaw present in Apple Silicon chips that could lead to data leakage, though they said there is currently little cause for concern.

The so-called Augury flaw was discovered by a team of researchers led by Jose Rodrigo Sanchez Vicarte of the University of Illinois at Urbana-Champaign and Michael Flanders of the University of Washington. Sanchez Vicarte, Flanders, and other members of the team recently published details of the flaw in a new paper.

According to the researchers, the flaw exists in the Data-Memory Dependent Prefetcher (DMP) in Apple Silicon chips. DMPs, which use the contents of memory to decide what to prefetch next, have been studied in academic circles for years, but Apple's chips are the first commercial processors the researchers have found to ship one.

We found a way to leak data on Apple Silicon processors that is “at rest”: that is, data the core never reads speculatively or non-speculatively.

This will be an odd one, so stick around for the and see

— David Kohlbrenner (@dkohlbre) April 29, 2022

“Classical prefetchers look only at the stream of previous addresses accessed. DMPs also consider the content of the previously prefetched memory,” said David Kohlbrenner, another member of the team. “Inherently, the DMP’s choice thus reveals something about the content of memory.”

Apple’s M1 and A14 family of chips use a prefetcher that targets an array-of-pointers access pattern. Though the exact details are complicated, the effect is that when the core walks an array of pointers, the prefetcher reads pointer values further along the array and fetches whatever they point to. The memory holding those pointers is therefore dereferenced without ever being loaded by an instruction, which is why the chips can leak data that no instruction reads.

Kohlbrenner noted, however, that this is “about the weakest DMP an attacker can get.”

“It only prefetches when content is a valid virtual address, and has a number of odd limitations,” he wrote on Twitter. “We show this can be used to leak pointers and break ASLR. We believe there are better attacks available.”

The flaw isn’t “that bad” currently, since it can only leak data pointers and “likely only in the sandbox threat model.”

However, similar flaws centered around data at rest can be tricky to protect against. Existing defenses reason about what the core loads, speculatively or non-speculatively; here the leaked data is never read by the core at all, only examined by the prefetcher, so those defenses have nothing to act on.
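The mechanism described above, covering both the array-of-pointers behaviour and the "valid virtual address" limitation Kohlbrenner mentions, as an added toy model in C. This is not Apple's hardware, the Augury paper's code, or a working attack on any real chip: addresses are array indices, the cache is a bitmap, the look-ahead depth (DMP_DEPTH) and the memory size are assumed parameters, and the functions machine_t, dmp_on_load, core_load, leak_at_rest and demo_leak are names invented for the example. It shows how an attacker who can observe cache state learns the value of a word the victim never loaded, and why a non-pointer value in that word leaks nothing.

```c
/* Added example: a toy model of an array-of-pointers DMP and the
 * "data at rest" leak it enables. Not Apple's hardware and not the
 * researchers' code; every parameter below is an assumption. */
#include <stdint.h>
#include <stdbool.h>
#include <string.h>
#include <stdio.h>

#define MEM_WORDS 256  /* simulated word-addressed address space (assumption) */
#define DMP_DEPTH 1    /* entries ahead of the core's load the DMP inspects (assumption) */

typedef struct {
    uint64_t mem[MEM_WORDS];    /* a "pointer" is just an index into mem[] */
    bool     cached[MEM_WORDS]; /* one flag per word: is it in the cache? */
} machine_t;

/* The quoted caveat: the DMP only acts on content that is a valid
 * virtual address. In the model, "valid" means inside mem[]. */
static bool is_valid_pointer(uint64_t v) { return v < MEM_WORDS; }

/* Prefetcher hook: after the core loads mem[addr], look DMP_DEPTH words
 * ahead and, if a word holds a valid pointer, pull its target into the
 * cache. The core never executes a load of mem[addr + k] itself. */
static void dmp_on_load(machine_t *m, uint64_t addr) {
    for (uint64_t k = 1; k <= DMP_DEPTH; k++) {
        uint64_t idx = addr + k;
        if (idx >= MEM_WORDS) break;
        uint64_t candidate = m->mem[idx];  /* decision depends on content */
        if (is_valid_pointer(candidate))
            m->cached[candidate] = true;   /* prefetch *candidate */
    }
}

/* An architectural load: fills the line and wakes the prefetcher. */
static uint64_t core_load(machine_t *m, uint64_t addr) {
    m->cached[addr] = true;
    dmp_on_load(m, addr);
    return m->mem[addr];
}

static void flush_all(machine_t *m) { memset(m->cached, 0, sizeof m->cached); }

/* Victim: walks the first n entries of a pointer array. It never touches
 * arr[n]; that word is "at rest". */
static void victim_walk(machine_t *m, uint64_t arr_base, uint64_t n) {
    for (uint64_t i = 0; i < n; i++)
        (void)core_load(m, arr_base + i);
}

/* Attacker: flush, let the victim run, then probe every word. A cached
 * word the victim neither loaded nor pointed to from a loaded entry must
 * have been prefetched through the contents of arr[n]. Returns that
 * pointer value, or -1 if nothing observable was prefetched. */
static int64_t leak_at_rest(machine_t *m, uint64_t arr_base, uint64_t n) {
    flush_all(m);
    victim_walk(m, arr_base, n);
    for (uint64_t a = 0; a < MEM_WORDS; a++) {
        if (!m->cached[a]) continue;
        if (a >= arr_base && a < arr_base + n) continue;  /* victim's own loads */
        bool explained = false;
        for (uint64_t i = 0; i < n; i++)  /* targets of entries the victim read */
            if (m->mem[arr_base + i] == a) explained = true;
        if (!explained) return (int64_t)a;
    }
    return -1;
}

/* Constructed scenario: a pointer array at index 16 with four entries the
 * victim reads and a fifth, secret entry it never reads. */
int64_t demo_leak(uint64_t secret_ptr) {
    machine_t m;
    memset(&m, 0, sizeof m);
    const uint64_t arr = 16, n = 4;
    const uint64_t targets[4] = {100, 101, 102, 103};
    for (uint64_t i = 0; i < n; i++) m.mem[arr + i] = targets[i];
    m.mem[arr + n] = secret_ptr;  /* at rest: no instruction ever loads it */
    return leak_at_rest(&m, arr, n);
}

int main(void) {
    printf("leaked pointer: %lld\n", (long long)demo_leak(200));        /* 200 */
    printf("non-pointer:    %lld\n", (long long)demo_leak(0xdeadbeefULL)); /* -1 */
    return 0;
}
```

The recovered value is itself an address, which is the ASLR-breaking angle Kohlbrenner describes: the attacker learns where the pointed-to object lives without the victim ever dereferencing it. The second call shows the limitation that makes the flaw "weak": a word that does not look like a valid address is never used for a prefetch, so its contents stay hidden.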

