A GPU vulnerability found in the Apple iPhone 12 and M2 MacBook Air can potentially allow attackers to access device data.
The Apple iPhone 12 and M2 MacBook Air have been found to have a GPU vulnerability that, if exploited, could allow attackers to access data on the device. Security researchers at Trail of Bits discovered the vulnerability and have showcased an exploit that could enable an attacker to access data processed within the device's chip, including the outcomes of tasks such as ChatGPT queries.
The vulnerability, named LeftoverLocals, was found in graphics processing units (GPUs) manufactured by Apple, Qualcomm, AMD, and Imagination. The researchers demonstrated an exploit in which an attacker with local access to the device can retrieve residual data left in the GPU from previous processing, hence the name.
The researchers have reportedly already notified Apple, Qualcomm, and the other manufacturers of the issue. According to a report by 9to5Mac, the company is also working on a fix. Reportedly, more Apple devices than the iPhone 12 and M2 MacBook Air were affected by this vulnerability, including those running on A17 and M3 chips, but a security update was sent to those and the issue was patched. However, the iPhone 12 and M2 MacBook Air are yet to be patched. Apple also confirmed to Wired that the two devices are still vulnerable.
“We re-tested the vulnerability on January 10 where it appears that some devices have been patched, i.e., Apple iPad Air 3rd G (A12). However, the issue still appears to be present on the Apple MacBook Air (M2). Furthermore, the recently released Apple iPhone 15 does not appear to be impacted as previous versions have been. Apple has confirmed that the A17 and M3 series processors contain fixes, but we have not been notified of the specific patches deployed across their devices,” the researchers said.
Notably, the showcased exploit requires a pre-existing form of access to the machine, placing it in a category of low current risk.
Published By:
Nandini Yadav
Published On:
Jan 17, 2024