Apple’s silicon was just found to have a new security vulnerability called “Augury” by researchers. But for now, they don’t seem too concerned about it.
The researchers, Michael Flanders from the University of Washington and Jose Rodrigo Sanchez Vicarte of the University of Illinois at Urbana – Champaign published their findings here. As reported by Digital Trends, the two discovered that the security flaw is because of Apple’s problematic implementation of something called the Data-Memory Dependent Prefetcher or DMP.
Apple’s relatively modern chips are the ones affected by this flaw. These are the M1, M1 Max, and A14 SoCs. As per the researchers, the DMP implementation in these chips could possibly leak data under the worst case scenario.
In their paper, they revealed that the way Apple did the DMP is far different from how traditional DMPs are implemented. In the Cupertino giant’s case, their CPU cores never read the “prefetched” data. This results into cybersecurity measures trying to track data access cannot detect them with the Augery vulnerability in place.
As for how hackers can attempt to use this to their advantage, assistant professor David Kohlbrenner at the University of Washington isn’t too concerned. In a tweet, he mentioned how the Apple DMP on the affected chips “is about the weakest DMP an attacker can get:”
(Photo : Feline Lim/Getty Images)
SINGAPORE, SINGAPORE – SEPTEMBER 24: An Apple logo is reflected on glass at the Apple Store at Orchard Road on September 24, 2021 in Singapore. Apple announced September 14 the release of four variants of its latest iPhone 13, alongside other upgrades to its product lineup.
In a report by 9To5Mac, this potential cybersecurity breach is against “data at rest.” But even if they’re mostly downplaying it, they did notify Apple about the vulnerability, so a patch to fix it could likely come soon. This would also be the first noteworthy security issue found in the M1 chip, which is already in use in a handful of modern Apple devices.
For now, if the cybersecurity researchers are not too concerned about Augury, you shouldn’t be. At least not yet. Apple already knows of it and will take steps to plug the holes, so to speak. Until then, just be careful with your device.
Read Also: Apple’s iPhone and Mac Sales Recorded Their Best March Quarter in History
Apple Chips And Bugs
Apple’s SoCs (aka the multiple generations of silicon that’s powering your smartphone or brand-new Mac Studio) are not completely free of security issues. That’s just the reality of this kind of tech. And the Cupertino tech giant has shown to be pretty generous with those who find any major problems in the past.
Just back in January, the company paid a cybersecurity student a $100,000 bounty for successfully finding a vulnerability that allows hackers to take over a Mac’s camera. As reported by WCCFTech, the amount the student got was the biggest that Apple has ever paid so far.
In the past, however, much of the security bugs in Apple’s products relied on software. The most recent major one involves iOS 15, with users being reminded to update their devices to iOS 15.3.1 immediately due to an unnamed security flaw.
Apple hasn’t commented on Augury yet, so this remains a developing story.
Related Article: Apple Pay’s Security Vulnerability Could Allow Hackers to Make Transactions! How to Avoid ASAP
This article is owned by Tech Times
Written by RJ Pierce
ⓒ 2021 TECHTIMES.com All rights reserved. Do not reproduce without permission.