Researchers find flaw in Apple Silicon chips, but it's not 'that bad'
Researchers have discovered a microarchitectural flaw present in Apple Silicon chips that could lead to data leakage, though they said there is currently little cause for concern.
Apple MacBook Pro
The so-called Augury flaw was discovered by a team of researchers led by Jose Rodrigo Sanchez Vicarte of the University of Illinois at Urbana Champaign and Michael Flanders of the University of Washington. Vicarte, Flanders, and other members of the team recently published details of the flaw in a new paper.
According to the researchers, the flaw exists in the Data-Memory Dependent Prefetcher (DMP) in Apple Silicon chips. DMPs, which decide what memory content to prefetch, are well-known in academic circles but have yet to be deployed in a commercial product.
"Classical prefetchers look only at the stream of previous addresses accessed. DMPs also consider on the content of the previously prefetched memory," said David Kohlbrenner, another member of the team. "Inherently, the DMP's choice thus reveals something about the content of memory."
Apple's M1 and A14 family of chips use a prefetcher that targets an array-of-pointers access pattern. Thought the exact details are complicated, this essentially means that the chips can leak data that isn't read by any instruction.
Kohlbrenner noted, however, that this is "about the weakest DMP an attacker can get."
"It only prefetches when content is a valid virtual address, and has a number of odd limitations," he wrote on Twitter. "We show this can be used to leak pointers and break ASLR. We believe there are better attacks available."
The flaw isn't "that bad" currently, since it can only leak data pointers and "likely only in the sandbox threat model."
However, similar flaws centered around data at rest can be tricky to protect against. That's because leaked data is never read by the core, speculatively or non-speculatively.
Read on AppleInsider
Apple MacBook Pro
The so-called Augury flaw was discovered by a team of researchers led by Jose Rodrigo Sanchez Vicarte of the University of Illinois at Urbana Champaign and Michael Flanders of the University of Washington. Vicarte, Flanders, and other members of the team recently published details of the flaw in a new paper.
According to the researchers, the flaw exists in the Data-Memory Dependent Prefetcher (DMP) in Apple Silicon chips. DMPs, which decide what memory content to prefetch, are well-known in academic circles but have yet to be deployed in a commercial product.
We found a way to leak data on Apple Silicon processors that is "at rest": that is, data the core never reads speculatively or non-speculatively.
This will be an odd one, so stick around for the and see https://t.co/KCnw9PAlSS— David Kohlbrenner (@dkohlbre)
"Classical prefetchers look only at the stream of previous addresses accessed. DMPs also consider on the content of the previously prefetched memory," said David Kohlbrenner, another member of the team. "Inherently, the DMP's choice thus reveals something about the content of memory."
Apple's M1 and A14 family of chips use a prefetcher that targets an array-of-pointers access pattern. Thought the exact details are complicated, this essentially means that the chips can leak data that isn't read by any instruction.
Kohlbrenner noted, however, that this is "about the weakest DMP an attacker can get."
"It only prefetches when content is a valid virtual address, and has a number of odd limitations," he wrote on Twitter. "We show this can be used to leak pointers and break ASLR. We believe there are better attacks available."
The flaw isn't "that bad" currently, since it can only leak data pointers and "likely only in the sandbox threat model."
However, similar flaws centered around data at rest can be tricky to protect against. That's because leaked data is never read by the core, speculatively or non-speculatively.
Read on AppleInsider
Comments
Seriously dude, chill tf out.
Keep in mind that these researchers apply a very stringent academic approach to what they consider data leakage. This is perfectly fine because a leak is a leak is a leak. What they don't assume in their declaration of a data leak is to differentiate the nature of the data that is being leaked. Not all data is secret data. Anything that can be done to keep secret data from being leaked by keeping it away from memory that is vulnerable to this issue serves to mitigate the problem. They discuss this exact strategy and how it has been successfully employed for mitigating Spectre vulnerabilities. As mentioned above, if the vulnerability exists in the sandbox, don't store your secrets in the sandbox.
Chip designers have to go to great lengths to squeeze out every possible optimization from the micro architecture. A lot of these optimizations are based on recognizing certain statistically predictable patterns in memory access. Unfortunately, taking advantage of this predictability and observable patterns exposes something that attackers can take advantage of. Removing the optimizations to thwart the vulnerability is highly undesirable, so other approaches have to be taken.
I'm sure that Apple is pleased that this issue has been brought to their attention relatively early in the M series lifecycle rather than several years or decades down the road.
I guess that means the M1 isn’t a commercial product?