GPU security flaw exposes AI data of millions of iPhones, MacBooks

A GPU security flaw has been discovered in certain iPhones and MacBooks by Trail of Bits. According to the researchers, millions of Apple iPhones and MacBooks, along with devices with AMD or Qualcomm chips, are affected.

The issue, called LeftoverLocals, is with GPU memory that stores AI data, which uses the graphics unit rather than the SoC. The vulnerability allows hackers to extract personal information that is easily accessible on the local memory of the GPU.

Apple confirmed it is aware of the problem and has already issued patches for devices with the M3 and A17 Bionic chips, but older iPhone 12 Pro, iPads, and M2 MacBook Air devices are still exposed.

The exploit can be found in devices with GPUs from Apple, AMD, Qualcomm, and Imagination. Nvidia, Arm, and Intel are not impacted.

With graphics units getting more complex and being required to perform more tasks over time, they are bound to have access to more data. In this case, hackers can use fewer than 10 lines of code to access uninitialized local memory that is anywhere between 5 MB and 180 MB.

That way, attackers can read data from the victim that was left on the user’s device, including LLMs (large language models), primarily used by generative AI services like ChatGPT.

What leftover data is your ML model leaving for another user to steal, asks Trail of Bits

All companies with flaws in their units acknowledged the issue and promised to issue an update to patch it. So keep an eye on your device and update it once the fix arrives.

Reader comments

  • Anonymous

I think most people do not realise that they have a Qualcomm GPU in their Android phones that will probably NEVER be patched. Apple has patched their devices already. The article is a bit misleading though.

  • Anonymous

Yeah, you also have a MediaTek 🤣

  • Anonymous

And the notification snooping of govt agencies which Apple didn't disclose while talking about muh privacy all the time. Apple also said a gag order was the reason for not disclosing it. What a sick joke of a company.