Researchers have discovered a microarchitectural flaw in Apple's Silicon chips that could lead to a data breach, but they say there is nothing to worry about right now. The so-called Augury defect was discovered by a team led by Jose Rodrigo Sanchez Vicarte of the University of Illinois at Urbana-Champaign and Michael Flanders of the University of Washington. Vicarte, Flanders and other members of the team recently published details of the flaw in a new paper.
According to the researchers, the flaw lies in the data memory-dependent prefetcher (DMP) of Apple Silicon chips. A DMP uses the contents of memory to decide what to prefetch next, a technique well known in academia but not previously deployed in a commercial product.
"Classic prefetchers only look at previously accessed address streams. DMP also takes into account the contents of previously prefetched memory," says David Kohlbrenner, another member of the team. "In essence, the choice of DMP reveals something about the contents of memory."
Apple's M1 and A14 series of chips use a prefetcher for array-of-pointers access patterns. While the details are complicated, this basically means that these chips can leak data that has not been read by any instruction. However, Kohlbrenner points out that this is "the weakest DMP an attacker can get." "It only prefetches if the content is a valid virtual address and has some strange restrictions," he wrote on Twitter. "Our study shows that this can be used to leak pointers and break ASLR. We believe there are better methods of attack available." For now the bug isn't "so bad," he added, as it can only leak data pointers and "probably only exists in sandbox threat models."
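To make the difference between the two kinds of prefetcher concrete, here is a toy simulation added for this article (it is not code from the Augury paper or from Apple). The stride prefetcher sees only the address stream; the DMP model also reads the predicted next array slot and follows the pointer it finds there, subject to a constructed "valid virtual address" rule. Every address and memory value below is constructed, and the DMP is simplified to looking one slot ahead.

```python
# Toy model of a classic stride prefetcher versus an array-of-pointers
# data memory-dependent prefetcher (DMP). All addresses, memory contents
# and the pointer-validity rule are constructed for illustration only.

WORD = 8                               # 8-byte slots, as in an array of pointers
PTR_LO, PTR_HI = 0x10000, 0x20000      # constructed "valid virtual address" range

def looks_like_pointer(value):
    """Mimics the DMP restriction: only plausible, aligned addresses are followed."""
    return PTR_LO <= value < PTR_HI and value % WORD == 0

def classic_prefetch(mem, accessed):
    """Classic stride prefetcher: predicts the next slot from the address
    stream alone. Memory contents play no role, so none are revealed."""
    if len(accessed) < 2:
        return set()
    stride = accessed[-1] - accessed[-2]
    return {accessed[-1] + stride}

def dmp_prefetch(mem, accessed):
    """Array-of-pointers DMP: predicts the next slot like the stride prefetcher,
    then READS that slot and also prefetches the address stored in it. Which
    cache line it pulls in now depends on memory the program never loaded."""
    prefetched = classic_prefetch(mem, accessed)
    for slot in list(prefetched):
        value = mem.get(slot, 0)       # content of a slot no instruction has read
        if looks_like_pointer(value):
            prefetched.add(value)
    return prefetched

ARRAY = 0x1000                         # constructed base of an array of pointers
SECRET_PTR = 0x1A008                   # constructed pointer stored past the program's last read
MEM = {ARRAY + 0 * WORD: 0x10100, ARRAY + 1 * WORD: 0x10200,
       ARRAY + 2 * WORD: 0x10300,
       ARRAY + 3 * WORD: SECRET_PTR,   # never dereferenced by the program
       ARRAY + 4 * WORD: 0x1234}       # not a valid pointer: the DMP ignores it

def demo(slots_read=3, mem=MEM):
    """Walk arr[0..slots_read-1] and report what each prefetcher brings into
    the cache. 'leaked' is what an observer of cache state learns about memory
    contents beyond the program's own access stream: for slots_read=3 that is
    SECRET_PTR, the kind of pointer leak Augury uses to break ASLR."""
    accessed = [ARRAY + i * WORD for i in range(slots_read)]
    classic = classic_prefetch(mem, accessed)
    dmp = dmp_prefetch(mem, accessed)
    return {"classic": classic, "dmp": dmp, "leaked": dmp - classic - set(accessed)}
```

Running `demo(4)` shows the restriction Kohlbrenner describes: the next slot holds a non-pointer value, so the DMP prefetches nothing beyond what the stride prefetcher would.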
However, a similar flaw centred on data rather than pointers would be difficult to guard against, because the leaked data is never read by the core, whether speculatively or not.