Trail of Bits uncovered a significant security vulnerability in certain iPhones and MacBooks, impacting millions of Apple devices and those equipped with AMD or Qualcomm chips. They named the flaw LeftoverLocals, found in GPU memory storing AI data through the graphics unit, not the SoC. This flaw enables hackers to easily access personal information stored in the GPU’s local memory.
Apple has acknowledged the issue and issued patches for devices featuring the M3 and A17 Bionic chips. However, older models like the iPhone 12 Pro, iPads, and M2 MacBook Air remain vulnerable. The exploit isn’t confined to Apple; it also affects devices with GPUs from AMD, Qualcomm, and Imagination, excluding Nvidia, Arm, and Intel.
As graphics units handle more tasks and grow in complexity, they gain access to more data. Exploiting this vulnerability requires less than 10 lines of code, allowing hackers to access uninitialized local memory ranging from 5 MB to 180 MB. This puts user data at risk, including information from large language models (LLMs) like those used by generative AI services such as ChatGPT.
Companies affected by these vulnerabilities have acknowledged the issue and committed to releasing updates. It is crucial to monitor your device closely and promptly apply the update once available to ensure protection against potential security threats.