Apple Silicon Exclusively Hit With World-First 'Augury' DMP Vulnerability
An anonymous reader quotes a report from Tom's Hardware: A team of researchers with the University of Illinois Urbana-Champaign, Tel Aviv University, and the University of Washington have demonstrated a world-first Data Memory-Dependent Prefetcher (DMP) vulnerability, dubbed "Augury," that's exclusive to Apple Silicon. If exploited, the vulnerability could allow attackers to siphon off "at rest" data, meaning the data doesn't even need to be accessed by the processing cores to be exposed. Augury takes advantage of Apple Silicon's DMP feature. This prefetcher aims to improve system performance by being aware of the entire memory content, which allows it to improve system performance by pre-fetching data before it's needed. Usually, memory access is limited and compartmentalized in order to increase system security, but Apple's DMP prefetch can overshoot the set of memory pointers, allowing it to access and attempt a prefetch of unrelated memory addresses up to its prefetch depth. If you feel your mind grasping at a certain familiarity with this, it's likely because the infamous Spectre/Meltdown vulnerabilities also try and speculate what data will be required by the system before it's even requested (hence the term speculative execution). But while side-channel vulnerabilities such as Spectre and Meltdown are only capable of leaking in-use data, Apple's DMP can potentially leak the entire memory content even if it's not being actively accessed. The nature of Apple's DMP also renders void some of the already-engineered fixes for speculative execution vulnerabilities -- those that rely on controlling what is visible to the processing cores. The researchers said that Apple is fully aware of their discoveries, but there are no plans for whether or not the company will deploy mitigations.
Read more of this story at Slashdot.