Researchers have released details of an Apple Silicon vulnerability called “Augury”. However, it does not seem to be a huge problem at the moment.
Jose Rodrigo Sanchez Vicarte of the University of Illinois at Urbana-Champaign and Michael Flanders of the University of Washington published their findings on a defect within Apple Silicon. The vulnerability itself is due to a flaw in Apple’s implementation of the Data Memory-Dependent Prefetcher (DMP).
In short, the DMP looks at memory contents to decide what to fetch for the CPU ahead of time. The researchers found that Apple’s M1, M1 Max and A14 chips use an “array of pointers” pattern: the prefetcher traverses an array and then dereferences the pointers it contains.
This can leak data that the core never reads, because the prefetcher itself dereferences it. Apple’s implementation differs from a traditional prefetcher, as the paper explains.
“Once it has seen *arr … *arr occur (even speculatively!), it will begin prefetching *arr onward. That is, it will first prefetch the contents of arr and then dereference those contents. In contrast, a conventional prefetcher would not perform the second step / dereference operation.”
Because the CPU cores never read the data, defenses that try to track accesses to the data do not work against Augury.
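To make the two-step behaviour concrete, here is a toy model added for this article (it is not code from the Augury paper or from Apple): a conventional stride prefetcher and an Augury-style DMP are run over the same trace of core loads, and only the DMP pulls in the pointees, which never appear in the load trace. The memory layout, the MAPPED range and the training trigger are constructed simplifications.

```python
WORD = 8                    # 8-byte words on a 64-bit core
MAPPED = (0x1000, 0xFFFF)   # constructed "valid virtual address" range

def build_memory():
    """Constructed memory: arr (0x1000) is an array of pointers; data (0x2000) is plain integers."""
    mem, arr, data = {}, 0x1000, 0x2000
    targets = [0x9000 + i * 0x100 for i in range(8)]
    for i, t in enumerate(targets):
        mem[arr + i * WORD] = t                 # arr[i] holds a pointer
        mem[t] = 0xDEAD0000 + i                 # pointee; the core never reads it
        mem[data + i * WORD] = 0xDEAD0000 + i   # plain data, not a mapped address
    return mem, arr, data, targets

def _stride_hits(loads):
    """Yield i when loads[i] follows two consecutive stride-WORD loads (toy training rule)."""
    for i in range(2, len(loads)):
        if loads[i] - loads[i-1] == WORD == loads[i-1] - loads[i-2]:
            yield i

def conventional_prefetch(loads, depth=2):
    """Stride prefetcher: fetch the next `depth` slots; return what the core never loaded."""
    touched = set()
    for i in _stride_hits(loads):
        touched.update(loads[i] + k * WORD for k in range(1, depth + 1))
    return touched - set(loads)

def dmp_prefetch(mem, loads, depth=2):
    """Augury-style DMP: same trigger, but also dereference each fetched slot if it looks mapped."""
    touched = set()
    for i in _stride_hits(loads):
        for k in range(1, depth + 1):
            slot = loads[i] + k * WORD
            touched.add(slot)
            value = mem.get(slot)
            if value is not None and MAPPED[0] <= value <= MAPPED[1]:
                touched.add(value)  # *arr[i+k]: no core instruction ever read it
    return touched - set(loads)

def demo():
    # The core architecturally reads only the first three slots of each array.
    mem, arr, data, targets = build_memory()
    ptr_loads = [arr + i * WORD for i in range(3)]
    data_loads = [data + i * WORD for i in range(3)]
    return {
        "conventional": conventional_prefetch(ptr_loads),
        "dmp": dmp_prefetch(mem, ptr_loads),
        "dmp_on_plain_data": dmp_prefetch(mem, data_loads),
        "pointees_touched": dmp_prefetch(mem, ptr_loads) & set(targets),
    }
```

The pointee addresses in `pointees_touched` are exactly the ones an access-tracking defense would miss, since they never occur in the core's load trace; on the plain-data array the DMP behaves like the conventional prefetcher because the words do not look like addresses.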
David Kohlbrenner, an assistant professor at the University of Washington, downplayed Augury’s impact, noting that Apple’s DMP “is the weakest DMP an attacker can get.”
The good news here is that this is the weakest DMP an attacker can get. It only prefetches when content is a valid virtual address, and has some weird restrictions. We show that this can be used to leak pointers and break ASLR.
We believe there are better attacks possible.
– David Kohlbrenner (@dkohlbre) April 29, 2022
Currently, the researchers say that only pointers can be leaked, and even then only within the research sandbox environment used to investigate the vulnerability. Apple was also notified of the vulnerability ahead of the public disclosure, so a patch is likely to come soon.
Apple released a March 2022 patch for macOS Monterey that fixed a number of Bluetooth and display bugs. It also patched two vulnerabilities that allowed an application to execute code with kernel-level privileges.
Other critical fixes to Apple’s desktop operating system include one that patched a vulnerability exposing browsing data in the Safari browser.
Finding bugs in Apple’s hardware can sometimes bring in a nice profit. A Georgia Tech Ph.D. student found a serious vulnerability that allowed unauthorized access to the webcam. Apple rewarded him around $100,000 for his efforts.