Trail of Bits has recently uncovered a GPU security vulnerability in select iPhones and MacBooks, affecting millions of Apple devices as well as devices with AMD or Qualcomm chips.
Researchers have named the issue “LeftoverLocals” and traced it to a flaw in the GPU memory used to store AI data, which is processed by the graphics unit instead of the SoC. The vulnerability means hackers can easily extract personal information that is readily available in the GPU's local memory.
Acknowledging the severity of the situation, Apple has confirmed that it is aware of the problem and has promptly issued patches for devices equipped with the M3 and A17 Bionic chips. However, older models such as the iPhone 12 Pro, iPads, and the M2 MacBook Air remain exposed until they receive the necessary updates.
The vulnerability affects devices with GPUs from Apple, AMD, Qualcomm, and Imagination, while Nvidia, Arm, and Intel remain unaffected. As graphics units become more complex and take on more tasks, they inherently gain access to more data. In this case, hackers can exploit the vulnerability with fewer than 10 lines of code, which lets them read uninitialized local memory ranging from 5 MB to 180 MB.
The flaw poses a tangible threat: it allows attackers to read data left on the user’s device, including data from significant components such as the LLMs (large language models) predominantly used by generative AI services like ChatGPT.
Fortunately, all companies affected by these flaws have acknowledged the issue and committed to releasing updates to patch the vulnerabilities. Therefore, it is crucial to stay vigilant and promptly update your device once the fix becomes available, ensuring optimal security for your personal information.