Security Alert: GPU Vulnerability Detected in Apple iPhone 12 and M2 MacBook Air

Update: 2024-01-17 20:29 IST

The Apple iPhone 12 and M2 MacBook Air have been found to have a vulnerability in the GPU that, if exploited, could allow attackers to access data on the device. Security researchers at Trail Bits discovered the vulnerability and showed an exploit that could allow an attacker to access data processed within the device's chip, revealing information that even includes results from tasks such as ChatGPT queries.

ADVERTISEMENT

The identified vulnerability, which has been named LeftoverLocals, was found in graphics processor units (GPUs) manufactured by Apple, Qualcomm, AMD and Imagination. Researchers have successfully demonstrated an exploit where an attacker with local access to the device can recover residual data on the GPU left over from previous processing, which explains the terminology.

Researchers have reportedly contacted Apple, Qualcomm, and other manufacturers about the issue. And according to a report by 9To5Mac, the company is also working on a solution to fix the issue. There were reportedly more Apple devices than the iPhone 12 and MacBook Air M2 affected by this vulnerability, including those powered by A17 and M3 chips. However, a security update was sent to them, and the issue was fixed. However, the iPhone 12 and MacBook Air M2 must be patched. Apple also confirmed to Wired that the two devices remain vulnerable.

The researchers said, “We re-tested the vulnerability on January 10 where it appears that some devices have been patched, i.e., Apple iPad Air 3rd G (A12). However, the issue still appears to be present on the Apple MacBook Air (M2). Furthermore, the recently released Apple iPhone 15 does not appear to be impacted as previous versions have been. Apple has confirmed that the A17 and M3 series processors contain fixes, but we have not been notified of the specific patches deployed across their devices.”

In particular, the exploit shown requires pre-existing access to the machine, placing it in a current low-risk category.

Tags:    

Similar News