Mac M1: a zero-day flaw can leak your personal data
Two American researchers have discovered a new flaw in Apple’s M1 chips. This is caused by the DMP feature which analyzes compute data to improve performance. Since some of this data never reaches the CPU core, a hacker could find a way to steal it.
The M1 chips have undeniably revolutionized the way Apple designs its computers. If only from a power point of view to begin with, the figures are impressive: the iMac M1s of 2021 are indeed 124% more powerful than the generation which precedes them. But like any processor, these are not not infallible. Some technical technical problems have thus been reported, such as the macOS 11.4 bug which caused abnormal wear of the SSD. And despite Apple’s reputation for this, M1 chips are not flawless.
Thus, a new vulnerability was discovered by Jose Rodrigo Sanchez Vicarte and Michael Flanders, two researchers working respectively at the University of Illinois and the University of Washington. Baptized ” Augury“, this flaw operates at the level of the Data-Memory Dependent Prefetcher (DMP), a process that analyzes the data stored in the memory in order to predict which will be the most useful during the calculations. On paper, this system is very effective in improve flea speed.
Augury Flaw May Leak Data on M1 Chips
Gold on chips M1, M1 Pro, M1 Max and A14, some of these data never reach the core, since they are not useful for future calculations. According to the researchers, the process may therefore be at the origin of data leak. Even more problematic, there is currently no truly effective protection against this flaw. As the researchers explain, “Any defense that relies on tracking what data the core is accessing (speculatively or otherwise) cannot protect against Augury, because the leaked data is never read by the core”.
Related — Apple: Hackers Demand $50 Million Ransom or Leak Future Mac M1 Plan
Nevertheless, the researchers point out that this flaw is not not as bad as it looks. Indeed, the process “is about the lowest DMP an attacker can get”. In addition, the latter have not found any exploit of the fault at the present time.So don’t worry. These results will allow Apple to make the necessary corrections to further secure its chips.