Researchers have discovered a new vulnerability in the latest Apple processors. As they comment, those affected are the M1 models and also the A14 Bionic that the iPhone 12 carry. It is a failure at the microarchitecture level that they have called ‘augury‘. Fortunately, at the moment it seems that it is not as dangerous as it seems.
This has been commented by Jose Rodrigo Sanchez Vicarte, from the University of Illinois; and Michael Flanders of the University of Washington. Both directed a group of researchers, who were in charge of post the discovery of the “Augury” fault. Furthermore, they confirm that all these discoveries were sent to apple before being officially published.
According to the group of researchers, Apple’s M1 and A14 chips use what has been called ‘Data Memory Dependent Prefetcher’, or WMD for its acronym in English. this entity is responsible for looking at the content stored in memory to decide which elements to prefetch.
How the Augury vulnerability works in Apple M1s
The team of researchers specifically tested the M1, M1 Max, and A14, finding that these chips precharge with a dereference pattern of arrays of pointers. With this, it was revealed that during the process data can be revealed that “is never read by any instructionnot even speculatively.” Such behavior differs from traditional processors.
Of course, this could lead to undesirable scenarios if cybercriminals take advantage of the vulnerability. The study explains that, in much of the security of hardware and software focused on the defense and prevention of attacks, it is “assumed that there is some type of instruction that gives access to the secret”. Nevertheless, these defenses could not come into action against Augury.
“Any defense that relies on tracking data accessed by the kernel (speculatively or non-speculatively) cannot protect against Augury, since the leaked data is never read by the kernel.”
Fortunately, it’s not that serious.
This seems to indicate David Kohlbrenner, assistant professor at the University of Washington. On his Twitter account he notes that an attack of this style is one of the weakest that can be carried out on the DMP.
In fact, the researchers themselves make it known in their study. Here, they comment that Augury not such a terrible weakness, at least not yet. Furthermore, they have not demonstrated any techniques that use this model to take advantage of the system.
It is not known if Apple has already started working on a patch for Augury., and the researchers are also unaware of this. However, the company takes the security of its devices quite seriously, so we will most likely see a solution soon. At the moment, at least we know that it is not as serious an issue as previously thought.