A recent investigation by cybersecurity firm Trail of Bits discovered a security flaw dubbed “LeftoverLocals” that could allow attackers to access sensitive data in some Apple Silicon GPUs.
According to the report, the vulnerability allows recovery of data from GPU local memory created by another process on Apple, Qualcomm, AMD, and Imagination GPUs. LeftoverLocals impacts the security posture of GPU applications as a whole, with particular significance to LLMs and ML models run on impacted GPU platforms.
From the report: Despite multiple efforts to establish contact through CERT/CC, we only received a response from Apple on January 13, 2024. We re-tested the vulnerability on January 10 where it appears that some devices have been patched, i.e., Apple iPad Air 3rd G (A12). However, the issue still appears to be present on the Apple MacBook Air (M2). Furthermore, the recently released Apple iPhone 15 does not appear to be impacted as previous versions have been. Apple has confirmed that the A17 and M3 series processors contain fixes, but we have not been notified of the specific patches deployed across their devices.
Wired reports that an Apple spokesperson acknowledged LeftoverLocals and noted that the company shipped fixes with its latest M3 and A17 processors, which it unveiled at the end of 2023. This means that the vulnerability is seemingly still present in millions of existing iPhones, iPads, and MacBooks that depend on previous generations of Apple silicon.
On January 10, the Trail of Bits researchers retested the vulnerability on a number of Apple devices. They found that Apple’s M2 MacBook Air was still vulnerable, but the iPad Air 3rd generation A12 appeared to have been patched.
MacRumors notes that the nature of the LeftoverLocals vulnerability is such that it requires physical access to the device, making remote exploitation highly improbable. As always, Apple encourages users to install the latest available software update to ensure they receive security fixes.