‘LeftoverLocals’ security flaw could allow attackers to access sensitive data in some Apple Silicon GPUs

A recent investigation by cybersecurity firm Trail of Bits discovered a security flaw dubbed “LeftoverLocals” that could allow attackers to access sensitive data in some Apple Silicon GPUs.

According to the report, the vulnerability allows recovery of data from GPU local memory created by another process on Apple, Qualcomm, AMD, and Imagination GPUs. LeftoverLocals impacts the security posture of GPU applications as a whole, with particular significance to LLMs and ML models run on impacted GPU platforms.

From the report: Despite multiple efforts to establish contact through CERT/CC, we only received a response from Apple on January 13, 2024. We re-tested the vulnerability on January 10 where it appears that some devices have been patched, i.e., Apple iPad Air 3rd G (A12). However, the issue still appears to be present on the Apple MacBook Air (M2). Furthermore, the recently released Apple iPhone 15 does not appear to be impacted as previous versions have been. Apple has confirmed that the A17 and M3 series processors contain fixes, but we have not been notified of the specific patches deployed across their devices.

Wired reports that an Apple spokesperson acknowledged LeftoverLocals and noted that the company shipped fixes with its latest M3 and A17 processors, which it unveiled at the end of 2023. This means that the vulnerability is seemingly still present in millions of existing iPhones, iPads, and MacBooks that depend on previous generations of Apple silicon.

On January 10, the Trail of Bits researchers retested the vulnerability on a number of Apple devices. They found that Apple’s M2 MacBook Air was still vulnerable, but the iPad Air 3rd generation A12 appeared to have been patched. 

MacRumors notes that the nature of the LeftoverLocals vulnerability is such that it requires physical access to the device, making remote exploitation highly improbable. As always, Apple encourages users to install the latest available software update to ensure they receive security fixes.

Dennis Sellers

Dennis Sellers is the editor/publisher of Apple World Today. He’s been an “Apple journalist” since 1995 (starting with the first big Apple news site, MacCentral). He loves to read, run, play sports, and watch movies.
