After digging into Apple Silicon hardware, a group of researchers has discovered a new vulnerability in both Apple’s latest M1 and A14 chipsets. The “Augury” Apple Silicon microarchitectural flaw has been demonstrated to leak data at rest, but it doesn’t appear to be “that bad” at this point.
A group of researchers including Jose Rodrigo Sanchez Vicarte of the University of Illinois at Urbana-Champaign and Michael Flanders of the University of Washington has published details of their findings. All of the details were shared with Apple prior to publication.
The group uncovered that Apple chips use what’s called a Data-Memory Dependent Prefetcher (DMP), which looks at memory content to decide what to prefetch.
Apple’s M1, M1 Max, and A14 chipsets were tested and found to prefetch using an array-of-pointers dereferencing pattern. The researchers discovered that this process can leak data that is “never read by any instruction, even speculatively!” They also believe the M1 Pro and possibly older A-series chips are vulnerable to the same flaw.
The researchers offered the following explanation of how Apple’s DMP differs from a conventional prefetcher:
Once it has seen *arr[0] … *arr[2] occur (even speculatively!) it will begin prefetching *arr[3] onward. That is, it will first prefetch ahead the contents of arr and then dereference those contents. In contrast, a conventional prefetcher would not perform the second step/dereference operation.
According to the paper, data-at-rest attacks like this are troublesome because most hardware and software defenses against “microarchitectural attacks assume there is some instruction that accesses the secret.” Data-at-rest vulnerabilities don’t work that way. Explaining further, the research says:
Any defense that relies on tracking what data is accessed by the core (speculatively or non-speculatively) cannot protect against Augury, as the leaked data is never read by the core!
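To make the two points above concrete (the array-of-pointers pattern, and why an access-tracking defense cannot see what the DMP touches), here is a small toy model written for this article. It is not the researchers’ code and it does not model real Apple hardware: the memory layout, the 8-byte slot size, the “three accesses to train” rule and the prefetch depth are all assumptions chosen for illustration. It places a few stale pointers to a secret buffer behind the entries a program legitimately reads, then compares which addresses the core, a conventional stride prefetcher and a DMP would each touch.

```python
"""Toy model contrasting a conventional stride prefetcher with a
data-memory dependent prefetcher (DMP).  Constructed example for this
article; not the Augury researchers' code and not a model of real
Apple hardware.  Layout, slot size and prefetch depth are assumptions."""

WORD = 8  # assumed size of one pointer slot, in bytes


def build_memory():
    """Constructed memory image: an array of pointers at 0x1000.  The first
    three slots point at data the program really reads; the later slots hold
    stale pointers into a buffer the program never dereferences ("secret")."""
    memory = {}
    arr_base = 0x1000
    data_addrs = [0x2000, 0x2100, 0x2200]
    secret_addrs = [0x9000, 0x9100]
    for i, target in enumerate(data_addrs + secret_addrs):
        memory[arr_base + i * WORD] = target
    for addr in data_addrs:
        memory[addr] = 0x11        # ordinary data
    for addr in secret_addrs:
        memory[addr] = 0x5E        # value the program never reads
    return memory, arr_base, secret_addrs


def core_accesses(memory, arr_base, n):
    """Every address the core itself touches when it executes *arr[0..n-1]:
    each slot, then the data that slot points at."""
    touched = []
    for i in range(n):
        slot = arr_base + i * WORD
        touched.append(slot)
        touched.append(memory[slot])
    return touched


def stride_prefetch(seen_slots, depth):
    """Conventional prefetcher: extrapolate the stride between the slot
    addresses it has observed and fetch the next `depth` slots.  It never
    looks at what those slots contain."""
    stride = seen_slots[-1] - seen_slots[-2]
    return [seen_slots[-1] + stride * k for k in range(1, depth + 1)]


def dmp_prefetch(memory, seen_slots, depth):
    """DMP: fetch the next slots like the stride prefetcher, then treat their
    contents as pointers and fetch those targets too (the second step that a
    conventional prefetcher does not perform)."""
    slots = stride_prefetch(seen_slots, depth)
    targets = [memory[s] for s in slots if s in memory]
    return slots + targets


def access_tracking_defense(core_touched, secret_addrs):
    """A defense that only watches what the core reads: reports True ("safe")
    when no secret address was accessed by any instruction."""
    return not (set(core_touched) & set(secret_addrs))


def compare(trained=3, depth=2):
    """Run the model once and report who touched the secret buffer."""
    memory, arr_base, secret = build_memory()
    core = core_accesses(memory, arr_base, trained)
    seen_slots = [arr_base + i * WORD for i in range(trained)]
    conventional = stride_prefetch(seen_slots, depth)
    dmp = dmp_prefetch(memory, seen_slots, depth)
    return {
        "core": core,
        "conventional": conventional,
        "dmp": dmp,
        "secret_touched_by_core": bool(set(core) & set(secret)),
        "secret_touched_by_conventional": bool(set(conventional) & set(secret)),
        "secret_touched_by_dmp": bool(set(dmp) & set(secret)),
        "defense_says_safe": access_tracking_defense(core, secret),
    }


if __name__ == "__main__":
    for key, value in compare().items():
        if isinstance(value, list):
            value = [hex(v) for v in value]
        print(f"{key}: {value}")
```

In the model the core reads only slots 0 to 2 and their targets, the conventional prefetcher fetches slots 3 and 4 and stops, and the DMP additionally fetches the two addresses those slots point at. The access-tracking defense reports “safe” because no instruction ever read the secret addresses, which is exactly the gap the researchers describe.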
The upside according to David Kohlbrenner, Assistant Professor at the University of Washington and principal investigator on the research team, is that this DMP “is about the weakest DMP an attacker can get.”
The researchers echo that sentiment, saying this vulnerability isn’t “that bad” for now and that they haven’t demonstrated any “end-to-end exploits with Augury techniques at this time. Currently, only pointers can be leaked, and likely only in the sandbox threat model.”
In other words, the odds of this being exploited in the wild are minimal for now; the attack remains largely academic.
Stay tuned for additional details as they become available.
Via 9to5Mac and prefetchers.info