• Uncategorised

Researchers find new vulnerability with Apple Silicon chips

Researchers have released details of an Apple Silicon vulnerability dubbed “Augury.” However, it doesn’t seem to be a huge issue at the moment. Jose Rodrigo Sanchez Vicarte from the University of Illinois at Urbana-Champaign and Michael Flanders of the University of Washington published their findings of a flaw within Apple Silicon. The vulnerability itself is due to a flaw in Apple’s implementation of the Data-Memory Dependent Prefetcher (DMP).

In short, a DMP looks at memory to determine what content to “prefetch” for the CPU. The researchers found that Apple’s M1, M1 Max, and A14 chips used an “array of pointers” pattern that loops through an array and dereferences the contents. This could possibly leak data that’s not read because it gets dereferenced by the prefetcher.

Apple’s implementation is different from a traditional prefetcher as explained by the paper. “Once it has seen *arr[0] … *arr[2] occur (even speculatively!) it will begin prefetching *arr[3] onward. That is, it will first prefetch ahead the contents of arr and then dereference those contents.

In contrast, a conventional prefetcher would not perform the second step/dereference operation.” Because the CPU cores never read the data, defenses that try to track access to the data don’t work against the Augery vulnerability. David Kohlbrenner, assistant professor at the University of Washington, downplayed the impact of Augery, noting that Apple’s DMP “is about the weakest DMP an attacker can get.”

The good news here is that this is about the weakest DMP an attacker can get.

It only prefetches when content is a valid virtual address, and has number of odd limitations. We show this can be used to leak pointers and break ASLR. We believe there are better attacks possible.

— David Kohlbrenner (@dkohlbre) April 29, 2022

For now, researchers say that only the pointers can be accessed and even then via the research sandbox environment used to research the vulnerability. Apple was also notified about the vulnerability before the public disclosure, so a patch is likely incoming soon. Apple issued a March 2022 patch for MacOS Monterey that fixed some nasty Bluetooth and display bugs.

It also patched two vulnerabilities that allowed an application to execute code with kernel-level privileges. Other critical fixes to Apple’s desktop operating system include one that patched a vulnerability that exposed browsing data in the Safari browser. Finding bugs in Apple’s hardware can sometimes net a pretty profit.

A Ph.D. student from Georgia Tech found a major vulnerability that allowed unauthorized access to the webcam.

Apple handsomely rewarded him about £100,000 for his efforts.

Editors’ Recommendations

Tags:

beauty-flash listed on couponmatrix.ukhyperoptic listed on couponmatrix.ukligo-electronics listed on couponmatrix.ukoak-furniture-superstore listed on couponmatrix.uksize listed on couponmatrix.uksizzling-pub-company listed on couponmatrix.uk
beauty-flash listed on couponmatrix.ukGive your hair, face and body the VIP treatment with the world-class cosmetics and beauty products available from Beauty Flash. Help yourself to a Beauty Flash promo code from us to cut the cost of sumptuous skincare, nourishing shaving gels, and everything you might need to give your bathroom cabinet a boost. From Beauty Flash Dermalogica skincare to revitalising Kerastase hair masks, you’ll be spoilt for choice by all the best brands in the business.
hyperoptic listed on couponmatrix.ukBoost your broadband power with Hyperoptic, one of the nation’s best-rated and most affordable internet providers. Ditching the old copper phone wires for fibre links directly to your building, Hyperoptic offers some of the fastest and most reliable broadband in Britain, so you never have to settle for lag or loading screens again. With flexible packages and even monthly rolling contracts, Hyperoptic also promises no price hikes – meaning no nasty surprises mid-contract! Whether you’re always battling for bandwidth or you’re a one-screen kind of household, you can still benefit from one of our Hyperoptic offers and get a really great price on your broadband.
ligo-electronics listed on couponmatrix.ukLigo Electronics is a leading provider of electrical and electronic components. The company offers a wide range of products, including semiconductors, radios, kettles, cordless phones and electromechanical devices. Whatever gap needs filling in your electrical inventory, remember to employ a Ligo Electronics discount code to snag savings on your purchase. Ligo Electronics also provides a variety of services, such as design, assembly, and test – to keep all your electricals in tip-top shape. Here at Groupon, we understand that saving money is important to our customers. That's why we work hard to find the best Ligo Electronics discount codes and voucher codes. We scour the internet for the latest deals and discounts, so you can be sure you're getting the best possible price on your next purchase. One of the top-performing products from Ligo Electronics is the LigoWave LW5 AP. This powerful access point is perfect for high-density deployments. It features a built-in switch and supports up to eight SSIDs. Plus, with our Ligo Electronics voucher codes, you can get this access point for a great price. The LW5 AP also includes a variety of security features, making it a safe and secure option for your network.
oak-furniture-superstore listed on couponmatrix.ukOak Furniture Superstore aims to bring highest quality oak furniture to your home, offering strength and durability to last a lifetime. When you use an Oak Furniture Superstore discount code from Groupon, you’ll enjoy savings across their range of dining, living room and bedroom furniture - all expertly designed here in the UK, using sustainably sourced oak. Set a tone of quality and comfort with any of Oak Furniture Superstore's signature pieces and make your house a home.
size listed on couponmatrix.ukAs part of the JD Sports group and launched in the year 2000, Size? has grown to be recognised in its own right and is now one of the leading high street stores and online suppliers of the best footwear brands, apparel and accessories. Discover trending women's boots, men's shoes and more for less using your Size discount code today and turn your footwear fashion sense up a notch. Not only has Size? expanded to include stores in the UK, Republic of Ireland, France, Italy, Germany, Spain, and the Netherlands, they have also been able to release a number of worldwide exclusives. With a growing reputation for being the place to shop for quality, we are proud to be able to offer Size? goods for less right here at Groupon.
sizzling-pub-company listed on couponmatrix.ukWhether you’re celebrating a special occasion, watching the footy with your mates or bonding over a family lunch, you can expect the warmest of welcomes, tasty grub and red-hot offers from Sizzling Pubs. Explore our Sizzling Pubs vouchers to knock money off already affordable prices - with plenty to offer all the family, you could treat the whole gang for less. With friendly service and a home-away-from-home atmosphere, Sizzling Pubs will make your good times go further.