Apple Silicon Security Flaw Discovered in iPhone 12 and M2 MacBook Air

[Elusi]

If it were so difficult to get physical and elevated access, iOS 17.3 wouldn’t include Stolen Device Protection.

Many people unknowingly provide elevated and physical access.

Strawman. If you have elevated access you have a thousand other much better attack vectors than this exploit.

 

[mazz0]

The issue is particularly concerning

It’s really not.

 

[I7guy]

Many other investors are asking the same questions and have the same fears.
We will likely see Tim Cooke step down by the end of the year. If not by fiscal year end 2025.
Apple is discounting flagship items a week if not days after launch. It’s constant set back after set back.

Hey may be very likely to step down but not for what you believe are his reasons.

But yeah, apples valuation and his compensation reflects “setback after setback”.

 

[mazz0]

…which allows attackers with local access to a device to retrieve data processed in the GPU's local memory…

Does this mean cache? Cos the M series chips use unified memory don’t they, there’s isn’t specific VRAM.

 

[JPack]

Strawman. If you have elevated access you have a thousand other much better attack vectors than this exploit.

This one clearly hasn't been closed like many others.

 

[farmboy]

AMD, Apple, Qualcomm GPUs leak AI data in LeftoverLocals attacks

A new vulnerability dubbed 'LeftoverLocals' affecting graphics processing units from AMD, Apple, Qualcomm, and Imagination Technologies allows retrieving data from the local memory space.

www.bleepingcomputer.com

Don't want to scare the usual "Apple is Doomed" brigade with facts.

 

[citysnaps]

I dunno what´s going on at AAPL nowadays.. Only sad and bad news.
iPhone 16´s ability will be limited.
Vision Pro will not support Wi-FI 6E.
No generative AI at all.
Siri is screwed up.
iPhone 15 does not sell in China.
AppleWatch Ultra 2 discounted 50% at Amazon..

I see AAPL having a time ticking bomb...

It gets worse and worse till worst parts coming soon.

It's a great time for perpetually unhappy Apple customers who insist on 100% perfection 100% of the time on everything Apple related to change brands and find happiness with another tech provider who offers that level of perfection.

Will you do it? It is a ticking time bomb after all.

 

[Chuckeee]

I'd be surprised if even one percent of owners of those devices replaced them because of this flaw.

I wouldn't.

Me neither but 1% of Apple users is a BIG number. I hope the number is much less than that.

In general, security flaws that require local access, do not concern me.

 

[BillM704]

In a way I'm glad this doesn't affect my M1 iPad Pro. But now I'm a bit wary of wanting to upgrade to anything M2/3 and beyond. Right now it's my only Apple device.

 

[coffeemilktea]

The nature of the LeftoverLocals vulnerability is such that it requires physical access to the device, making remote exploitation highly improbable

I hope Apple fixes this soon... I live in fear daily at the thought of highly-skilled state-sponsored hackers breaking into my house in the middle of nowhere and gaining physical access to my device. Why, they may even find a way to eavesdrop on all my LLM conversations where I try to discover the best way to prepare a really good taco!

Please, Apple, stop all these highly skilled hackers from stealing the secrets of TacoGPT!

 

[Unregistered 4U]

Without reading, “I bet this requires physical access”

Reading

UPDATE: Always remember when reading these, if someone has physical access to your computer, they’re not going to try whatever a security researcher has introduced as the “esoteric edge case hack of the day”. There are FAR more effective exploits than this for anyone with physical access to your system.

 

[Razorpit]

AppleWatch Ultra 2 discounted 50% at Amazon..

Dang! Post the link! I only see $50 off.

 

[mannyvel]

"Once someone breaks into your house they can play back the last few things you said at your desk."

 

[latweek]

I dunno what´s going on at AAPL nowadays..

Heey eerebody! It's alll goood! We're refurbishing used earphones and gettin retro 90s with a mashed up product line! Where's Sculley?

 

[Oberhorst]

I smell checkm8e 2

 

[dampfnudel]

Is the GPU in my 12 Pro affected as well or just the iPhone 12?

 

[zlt1228]

So can we assume All of A14 and A15 chips (and maybe A16) has been impacted?

 

[drumcat]

Someone would have to look at the memory of a GPU physically, on a MBA?

This is such an academic exercise. Bugger off.

 

[XXPP]

I dunno what´s going on at AAPL nowadays.. Only sad and bad news.
iPhone 16´s ability will be limited.
Vision Pro will not support Wi-FI 6E.
No generative AI at all.
Siri is screwed up.
iPhone 15 does not sell in China.
AppleWatch Ultra 2 discounted 50% at Amazon..

I see AAPL having a time ticking bomb...

It gets worse and worse till worst parts coming soon.

ha ha ha
I don't know how you can live without WI-FI 6E. This is a total disaster for 0.000000001% of people.

 

[bousozoku]

Measurements taken to force people to upgrade. Apple knows that the ship is gonna sink, hence everyone is leaving the company and WSB horses have been implemented into the company to take full control and drive it down the core leaving with all the money.

What will they do with that new campus if everyone is leaving the company?

 

[killhippie]

Well, the M1 had an unpatchable security flaw, It’s only fair the M2 does and probably there’s one laying around in the M3 that will pop up next year or even this year. This is the nature of silicon now, operating systems are pretty hardened but with this constant race to make new CPUs all the time, it seems that there are more security flaws or just the hackers have got better.

 

[Apple_Robert]

It takes local access to the Mac and phone and also someone who knows what he or she is doing. The likelihood of this being a threat to most of us is slim at best. Glad Apple addressed it just the same.

 

[picpicmac]

I dunno what´s going on at AAPL nowadays.. Only sad and bad news.

Maybe the issue is not AAPL...

 

[IG88]

AppleWatch Ultra 2 discounted 50% at Amazon

Where? I see no signs of this being a thing.

 

[killhippie]

It takes local access to the Mac and phone and also someone who knows what he or she is doing. The likelihood of this being a threat to most of us is slim at best. Glad Apple addressed it just the same.

It’s only been addressed in the latest iPhone and the latest chip set. The majority of people probably have got older iPhones like the 14 or M2 chip sets since there isn’t that many any M3 computers yet, and I for one will not not buy another computer just to get an M3 processor that’s just taking the p*ss if Apple thinks people are going to do that.

When they say they patched the flaw in the M3 does that mean it was patched in the actual silicon or was it patched with some kind of microcode update after the chip was created? Who knows but how do we know the M2 will get patched at all and a lot of people have got high-end M2 gear so I really do hope Apple gets their proverbial butts in gear and do something about it.

No matter how unlikey it is to get exploited the fact after the M1 had a flaw that couldn’t be patched, it’s just sad these M2 chips have yet another vulnerability after the M1, really Apple should have better security. or maybe it would be better if the rush to keep updating and making more and more money wasn’t the drive behind the company, but actually making secure devices was.