Apple silicon has exclusive new type of security vulnerability

Apple M1 Chip Family Lineup
Apple M1 Chip Family Lineup (Image credit: Apple)

What you need to know

  • Apple silicon has a new type of data vulnerability.
  • University researchers have found the world's first "Data Memory-Dependent Prefetcher (DMP) vulnerability" dubbed 'Augury'.
  • It can let attackers access "at rest" data on chips like the M1 and A14 processors.

A new report from university researchers indicates Apple silicon has an exclusive new type of vulnerability that could make it vulnerable to attackers.

The research comes from a team at the University of Illinois Urbana-Champaign, Tel Aviv University, and the University of Washington, who have revealed a so-called a Data Memory-Dependent Prefetcher (DMP) vulnerability they've named 'augury'.

As explained by our friends at Tom's Hardware:

Augury takes advantage of Apple Silicon's DMP feature. This prefetcher aims to improve system performance by being aware of the entire memory content, which allows it to improve system performance by pre-fetching data before it's needed. Usually, memory access is limited and compartmentalized in order to increase system security, but Apple's DMP prefetch can overshoot the set of memory pointers, allowing it to access and attempt a prefetch of unrelated memory addresses up to its prefetch depth.

The upshot is that it could allow attackers to access "at rest" data that doesn't have to be accessed by the processing cores in order to be seen. As TH explains, that could mean "Apple's DMP can potentially leak the entire memory content even if it's not being actively accessed."

Affected devices include Apple's A14 chip that powers the iPad Air and iPhone 12, as well as Apple's M1 and M1 Max chips. The researchers speculate that M1 Pro and Ultra are also vulnerable, but they haven't been able to demonstrate this year.

Thankfully, Apple is fully aware of the discoveries and is hopefully working on a fix for the problem. Reassuringly, the researchers say the issue is "right now not that bad."

Stephen Warwick
News Editor

Stephen Warwick has written about Apple for five years at iMore and previously elsewhere. He covers all of iMore's latest breaking news regarding all of Apple's products and services, both hardware and software. Stephen has interviewed industry experts in a range of fields including finance, litigation, security, and more. He also specializes in curating and reviewing audio hardware and has experience beyond journalism in sound engineering, production, and design. Before becoming a writer Stephen studied Ancient History at University and also worked at Apple for more than two years. Stephen is also a host on the iMore show, a weekly podcast recorded live that discusses the latest in breaking Apple news, as well as featuring fun trivia about all things Apple. Follow him on Twitter @stephenwarwick9