Most older iPhones, Macs, and iPads are vulnerable to a new GPU security flaw


A security flaw named LeftoverLocals lets attackers access data that has been processed in a device's GPU, and while Apple says A17 iPhones and M3 Macs have fixes, older models do not.

Researchers show how a GPU vulnerability could be exploited



The report, and the naming of LeftoverLocals, comes from Trail of Bits, which previously demonstrated how Apple's walled garden iPhone security can benefit hackers. The organization now says it has found a "vulnerability that allows recovery of data from GPU local memory created by another process on Apple, Qualcomm, AMD, and Imagination GPUs."

It's a particularly significant vulnerability both because of the volume of data that may be read, and also because GPUs are being increasingly used in AI for processing of Large Language Models (LLMs).

"By recovering local memory -- an optimized GPU memory region," wrote Trail of Bits in a blog post, "we were able to build a PoC [Proof of Concept] where an attacker can listen into another user's interactive LLM session (e.g., llama.cpp) across process or container boundaries."

A split-screen showing two text dialogs, one with a dark background and green text, and the other in red with white text, both discussing the Trail of Bits cybersecurity firm and its large clients like Google and Amazon.
Left: a user's typing into AI. Right: how much an attacker can receive



While Apple was reportedly slow to respond to information from the researchers, it did patch certain devices. "We re-tested the vulnerability on January 10," said the researchers, "where it appears that some devices have been patched, i.e., Apple iPad Air 3 (A12)."

"However, the issue still appears to be present on the Apple MacBook Air (M2)," they continue. "Furthermore, the recently released Apple iPhone 15 does not appear to be impacted as previous versions have been."

Apple has told Wired that fixes had been shipped for the latest iPhones and Macs with A17 and M3 devices,

How to protect yourself from LeftoverLocals



The vulnerability requires access to a user's device, it can't be done remotely. For now, for users with a vulnerable device, the best way to protect themselves is to never give a third party access to their devices. Users should also always install the latest security updates from Apple.

It's not clear if Apple has patch plans going forward for impacted devices.




Comments

  • Reply 1 of 8
    Well that is one way for Apple to force everyone to upgrade their M1s and M2s...
  • Reply 2 of 8
    "The vulnerability requires access to a user's device" is in the LAST paragraph.
    Should have been in the first sentence so I could stop reading there.
  • Reply 3 of 8
    Not just Apple is affected, "Apple, Qualcomm, AMD, and Imagination GPUs."
  • Reply 4 of 8
    mknelson Posts: 1,127 member
    smaceslin said:
    Well that is one way for Apple to force everyone to upgrade their M1s and M2s...
    This isn't MacRumors…

    The vast majority of M1 and M2 users won't be affected by this bug even if Apple doesn't patch all models. Requires physical access, is only useful for pulling info from LLM (and if you look at the screenshots it isn't even reliable at that), and it's present in Qualcomm, AMD, and Imagination GPUs (It's a conspiracy I tells ya!).
  • Reply 5 of 8
    sbdude Posts: 261 member
    "The vulnerability requires access to a user's device" is in the LAST paragraph.
    Should have been in the first sentence so I could stop reading there.
    Exactly. Doesn't seem like much of a vulnerability to me.

    And I pity anyone who purposely hacks and reads my ridiculous conversations with AI.
  • Reply 6 of 8
    Not just Apple is affected, "Apple, Qualcomm, AMD, and Imagination GPUs."
    At a given time District 9 was affected too by the smb aka “Server message block ver: whatever!” :)
  • Reply 7 of 8
    This sentence is wrong and it makes the vulnerability seem less severe than it is:

    The vulnerability requires access to a user's device, it can't be done remotely.

    It doesn't require access to the device. The attack can be executed from a malicious app. The blog post states:

    This is a co-resident exploit, meaning that a threat actor’s avenue of attack could be implemented as another application, app, or user on a shared machine. The attacker only requires the ability to run GPU compute applications, e.g., through OpenCL, Vulkan, or Metal. These frameworks are well-supported and typically do not require escalated privileges.

    It is still not trivial to exploit (apps need to be run at the same time), but certainly doesn't require physical access.
  • Reply 8 of 8
    If you had sensitive data that might reside in cache in the GPU, could you render 1 minute of non-sensitive video to flush any sensitive data in the cache, immediately after dealing with sensitive data? 
    Or is it concurrent data that is in GPU at the same time as a bad-actor App is running?
    I’m guessing it’s the latter. The first guess would be a hit-or-miss proposition as to getting targeted sensitive data.
    I may be totally off base here—can anyone comment?