Virtually every electronic device is capable of being hacked, including Apple’s. To that point, Trail of Bits recently discovered a new attack through a GPU security flaw. Even though it seems Apple has addressed this issue in some iPhone and MacBook models, iPhone 12 and M2 MacBook Air owners are still unprotected against this security flaw.
The security researchers at Trail of Bits discovered the LeftoverLocals vulnerability in the graphic processor units made by Apple, Qualcomm, and others. With this exploit, an attacker with local access to your iPhone 12 or M2 MacBook Air could read data in the GPU. In the article, they say they were able to read the results of an AI chatbot query.
Interestingly, Trail of Bits reached out to Apple before publishing its findings. The company has addressed this issue with several devices, although some are still vulnerable:
Despite multiple efforts to establish contact through CERT/CC, we only received a response from Apple on January 13, 2024. We re-tested the vulnerability on January 10 where it appears that some devices have been patched, i.e., Apple iPad Air 3rd G (A12). However, the issue still appears to be present on the Apple MacBook Air (M2). Furthermore, the recently released Apple iPhone 15 does not appear to be impacted as previous versions have been. Apple has confirmed that the A17 and M3 series processors contain fixes, but we have not been notified of the specific patches deployed across their devices.
To Wired, an Apple spokesperson said the company “shipped fixes with its latest M3 and A17 processors, which it unveiled at the end of 2023.” However, the vulnerability remains on millions of existing iPhones, iPads, and MacBooks.
Should you worry about this new security flaw?
Yes, but not so much. Although this GPU exploit is pretty easy for hackers to access, the biggest issue is whether it could be chained to other attacks. Since hackers need local access, users don’t need to worry that much.
That said, a software update might be available soon for these devices that could prevent this security flaw in your M2 MacBook Air or iPhone 12.