A security vulnerability affecting certain iPhones and MacBooks has been uncovered by Trail of Bits. Researchers have identified a GPU flaw impacting millions of Apple devices as well as products utilizing AMD or Qualcomm chips.
Dubbed LeftoverLocals, the issue pertains to GPU memory housing AI data, which is stored within the graphics unit rather than the SoC. This vulnerability enables malicious actors to extract sensitive personal information readily available in the local memory of the GPU.
Apple has acknowledged the issue and has already released patches for devices equipped with the M3 and A17 Bionic chipsets. However, older models such as the iPhone 12 Pro, iPads, and M2 MacBook Air remain vulnerable.
The exploit affects devices featuring GPUs from Apple, AMD, Qualcomm, and Imagination, while Nvidia, Arm, and Intel remain unaffected.
As graphics units become more intricate and take on additional tasks, they inevitably gain access to more data. In this scenario, hackers can leverage a concise code snippet to access uninitialized local memory ranging from 5 MB to 180 MB.
This loophole allows attackers to retrieve residual data from the user’s device, including LLMs (large language models) commonly utilized by generative AI services like ChatGPT.
Trail of Bits inquires about the residual data left by your ML model that could be compromised by another user
All companies affected by these vulnerabilities have acknowledged the issue and committed to releasing updates to rectify the situation. It is advisable to remain vigilant and promptly update your device once the patch becomes available.