Researchers at three universities have unearthed a new vulnerability in Apple silicon used in Macs, iPhones, and iPads. But while any vulnerability is cause for alarm, the researchers note that the risk is “Right now not that bad!”
The vulnerability, dubbed “Augury,” involves the Data Memory-Dependent Prefetcher (DMP) in Apple chips, which examines memory and decides what to prefetch. In tests with Apple’s M1 and A14 chips, the researchers found that the DMP leaks data while at rest. One of the researchers, David Kohlbrenner, tweeted some details about the Augury flaw.
Augury has been confirmed to exist in the A14, M1, and M1 Max processors. Older A-series chips and the M1 Pro and Ultra may be affected, but the researchers have not confirmed this. Intel-based Macs are not affected. Apple is aware of the flaw but has not yet issued a fix. The researchers have not discovered any exploits in the wild.
The researchers, from the University of Illinois at Urbana-Champaign, the University of Washington, and Tel Aviv University, created a website at prefetchers.info with an FAQ and a paper with complete details. It’s all very technical, but this is the upshot:
These attacks are problematic because most defensive approaches in hardware or software for other microarchitectural attacks assume there is some instruction that accesses the secret. They can then either stop this access from occurring, or prevent the transmission of the secret. Data at rest attacks do not have this property, and must be mitigated differently.
On their website, the researchers note that Augury may not be a flaw to worry about right now. According to the Augury FAQ, the flaw could be exploited “if you are counting on ASLR in a sandbox.” Otherwise, the researchers caution that “the next round of attacks using Augury” could be more dangerous if Apple doesn’t issue a fix first.