A team of academics from the universities of Illinois Urbana-Champaign, Washington and Tel Aviv discovered a flaw in a feature unique to Apple's chips called the Data Memory-Dependent Prefetcher (DMP).
The exploit, called “Augury”, could allow attackers to steal sensitive data, according to the experts cited in TechRadar's report.
Several devices with the chips from the Cupertino company could be affected. The faulty processors include the M1 and M1 Max.
The role of the DMP is to increase system performance by prefetching data before it is needed, data that is essentially at rest. Typically, for security reasons, data would be limited and partitioned into multiple compartments, and would only be extracted when needed.
With the DMP, that data is fetched in advance and is accessible to unauthorized third parties, similar to the Spectre/Meltdown flaws. In Spectre/Meltdown, however, the chip tries to speculate which data could be used in the near future, which limits the attack somewhat. With Apple’s DMP, by contrast, the entire memory content could be leaked.
Discovered flaws
So far, the researchers have found that Apple's A14 system-on-chip (SoC), found in the iPad Air 4th generation and iPhone 12 devices, and the M1 and M1 Max are vulnerable.
While they suspect that other chips, like the M1 Pro and M1 Ultra, could also be affected by Augury, they have only managed to demonstrate the flaw on the aforementioned ones.
According to the scholars' report, Apple is “fully aware” of the experts’ discoveries and has allegedly discussed them with the researchers, but has not yet shared any mitigation plan or patch schedule.
The researchers insist that the matter is very worrying. Although they believe that there is no malware yet, they say that attacks using Augury that compromise user data could soon be developed.