
MacRumors

macrumors bot
Original poster
Apr 12, 2001
67,771
38,339


A security vulnerability that could allow attackers to access sensitive data has been discovered in some Apple silicon GPUs.


A recent investigation by cybersecurity firm Trail of Bits discovered the security flaw, named "LeftoverLocals," which allows attackers with local access to a device to retrieve data processed in the GPU's local memory. The issue is particularly concerning because of the expanding use of GPUs in processing Large Language Models (LLMs) for AI applications.

According to the firm, the vulnerability enables an attacker to eavesdrop on another user's interactive LLM session, potentially accessing sensitive information. Apple told Wired that newer devices with the A17 Pro and M3 chips have received patches to address this flaw, and Trail of Bits found that the third-generation iPad Air had also received a fix.

Most older models with vulnerable GPUs, including the iPhone 12 and M2 MacBook Air, are still vulnerable. While Apple has taken steps to patch certain devices, it remains unclear if and when all impacted models will receive security updates to directly address the problem.

The nature of the LeftoverLocals vulnerability is such that it requires installation of a malicious app or physical access to the device. As always, Apple encourages users to install the latest available software update to ensure they receive security fixes.

Article Link: Apple Silicon Security Flaw Discovered in iPhone 12 and M2 MacBook Air
 
The nature of the LeftoverLocals vulnerability is such that it requires physical access to the device,

This makes it more of an academic vulnerability - the number of people at risk of having their device stolen so someone can run this hack on it is infinitesimal. Patch it if possible, but 99.999% of people shouldn't be worried about this.
 
The nature of these Spectre-related alarms is pretty much always "theoretical" or "needs physical or elevated access in the first place to install" and then the manufacturer still happily pushes out performance-shattering patches as I assume it's just so awesome for them to have an excuse to cripple performance in older devices.

Yes, I'm cynical about this. Intel Skylake PCs got hit so hard with all these and it's not particularly fun to chase what registry to tweak to regain performance after each big Windows update. Hope Apple does better.
 
I dunno what's going on at AAPL nowadays.. Only sad and bad news.
iPhone 16's ability will be limited.
Vision Pro will not support Wi-Fi 6E.
No generative AI at all.
Siri is screwed up.
iPhone 15 does not sell in China.
Apple Watch Ultra 2 discounted 50% at Amazon..

I see AAPL having a ticking time bomb...

It gets worse and worse till worst parts coming soon.
 
I dunno what's going on at AAPL nowadays.. Only sad and bad news.
iPhone 16's ability will be limited.
Vision Pro will not support Wi-Fi 6E.
No generative AI at all.
Siri is screwed up.
iPhone 15 does not sell in China.
Apple Watch Ultra 2 discounted 50% at Amazon..

I see AAPL having a ticking time bomb...

It gets worse and worse till worst parts coming soon.
Many other investors are asking the same questions and have the same fears.
We will likely see Tim Cook step down by the end of the year. If not by fiscal year end 2025.
Apple is discounting flagship items a week if not days after launch. It’s constant setback after setback.
 
Will be interesting to see if Apple will fix the M2 MacBook Air or use this as an opportunity to motivate people to upgrade their M2 MacBook Air to the M3 MacBook Air, by claiming it's not fixable.

If they don't fix it, at least we'll get something from the class action lawsuit.

And if it slows down devices, at least we'll get something from the class action lawsuit.

Apple can't shift the blame to Intel any more.
 
I dunno what's going on at AAPL nowadays.. Only sad and bad news.
iPhone 16's ability will be limited.
Vision Pro will not support Wi-Fi 6E.
No generative AI at all.
Siri is screwed up.
iPhone 15 does not sell in China.
Apple Watch Ultra 2 discounted 50% at Amazon..

I see AAPL having a ticking time bomb...

It gets worse and worse till worst parts coming soon.

Measurements taken to force people to upgrade. Apple knows that the ship is gonna sink, hence everyone is leaving the company and WSB horses have been implemented into the company to take full control and drive it down the core leaving with all the money.
 
Most older models with vulnerable GPUs, including the iPhone 12 and M2 MacBook Air, are still vulnerable. While Apple has taken steps to patch certain devices, it remains unclear if and when all impacted models will receive security updates to directly address the problem.
Apple's way of suggesting to those with still vulnerable devices they need to replace them with patched iPhone 15 and M3 Macs because Apple doesn't want to see a 6th straight quarter of declining sales

 
The linked article says:
This is a co-resident exploit, meaning that a threat actor’s avenue of attack could be implemented as another application, app, or user on a shared machine. The attacker only requires the ability to run GPU compute applications, e.g., through OpenCL, Vulkan, or Metal.
So how does this align with this in the article?
The nature of the LeftoverLocals vulnerability is such that it requires physical access to the device, making remote exploitation highly improbable
 
Apple's way of suggesting to those with still vulnerable devices they need to replace them with patched iPhone 15 and M3 Macs because Apple doesn't want to see a 6th straight quarter of declining sales


I'd be surprised if even one percent of owners of those devices replaced them because of this flaw.

I wouldn't.
 
Will be interesting to see if Apple will fix the M2 MacBook Air or use this as an opportunity to motivate people to upgrade their M2 MacBook Air to the M3 MacBook Air, by claiming it's not fixable.
They are already claiming a one-year-old iPhone cannot have specific small feature enhancements because it needs the new A-chip that supersedes it. For example A15 vs A16. Good example: Stage Manager on iPads.

If they cannot fix that they will definitely not fix this.

They already ensured new patches to downgrade the radio signal power on these devices. To, again, force people to upgrade.
 
Measurements taken to force people to upgrade. Apple knows that the ship is gonna sink, hence everyone is leaving the company and WSB horses have been implemented into the company to take full control and drive it down the core leaving with all the money.

This isn't remotely true. If you truly think this way I legit feel bad for you. This is a weird security flaw (which happens all the time, security is a game of cat and mouse), nothing more.
 


A security vulnerability that could allow attackers to access sensitive data has been discovered in some Apple silicon GPUs.


A recent investigation by cybersecurity firm Trail of Bits discovered the security flaw, named "LeftoverLocals," which allows attackers with local access to a device to retrieve data processed in the GPU's local memory. The issue is particularly concerning because of the expanding use of GPUs in processing Large Language Models (LLMs) for AI applications.

According to the firm, the vulnerability enables an attacker to eavesdrop on another user's interactive LLM session, potentially accessing sensitive information. Apple told Wired that newer devices with the A17 Pro and M3 chips have received patches to address this flaw, and Trail of Bits found that the third-generation iPad Air had also received a fix.

Most older models with vulnerable GPUs, including the iPhone 12 and M2 MacBook Air, are still vulnerable. While Apple has taken steps to patch certain devices, it remains unclear if and when all impacted models will receive security updates to directly address the problem.

The nature of the LeftoverLocals vulnerability is such that it requires physical access to the device, making remote exploitation highly improbable. As always, Apple encourages users to install the latest available software update to ensure they receive security fixes.

Article Link: Apple Silicon Security Flaw Discovered in iPhone 12 and M2 MacBook Air
 