Why it matters: Hardware-based security flaws like Spectre have been a serious issue for Intel and AMD since their discovery in 2018. Now one has emerged for Apple’s latest custom processors. Although not as serious as Spectre, it confirms that Apple silicon isn’t immune to vulnerabilities.
Researchers recently published a paper detailing a vulnerability they are calling Augury that affects Apple’s M1, M1 Max, and A14 processors. It might also affect older A-series chips and the newer M1 relatives.
Although Augury hasn’t led to any real exploits yet, it is unusual in that it can leak data that neither the core nor any instruction has ever read. That sidesteps many Spectre defenses, which work by tracking which data the core and its instructions access.
We found a way to leak data on Apple Silicon processors that is “at rest”: that is, data the core never reads speculatively or non-speculatively.
This will be an odd one, so stick around for the 🧵 and see https://t.co/KCnw9PAlSS
— David Kohlbrenner (@dkohlbre) April 29, 2022
Augury comes from Apple silicon’s use of a Data Memory-Dependent Prefetcher (DMP), an optimization that decides what to prefetch next based on the contents of memory it has already fetched. Because the prefetcher’s behavior depends on those contents, observing it gives a clue as to what the memory holds, making it possible to leak it.
The researchers don’t think Augury is very dangerous, partly because it only prefetches valid virtual addresses. However, it can break ASLR (Address Space Layout Randomization), which could be the first step in a serious exploit.
The authors of the paper sent Apple all the details on Augury before publishing their findings, so the company could provide a fix if it ever becomes a problem.