Earlier this week, the Ny Breaking team reported on a serious security flaw affecting millions of GPUs from Apple, AMD and Qualcomm – and today Apple officially confirmed that some of its products are indeed affected.
So far, Apple has stated that the iPhone 12 and M2 MacBook Air are affected, but it is likely that older Apple products still contain the vulnerability. The researchers at Trail of Bits who originally discovered the security flaw noted that the recently released iPhone 15 and M3 MacBook Pro appear to have had a patch applied to fix the issue, but there is no concrete list of which products are still currently affected.
The vulnerability, called ‘LeftoverLocals’, allows hackers to read data previously processed by the device’s GPU. As security researchers at Trail of Bits have shown, an attacker can steal information such as the results of a search query given to an AI chatbot, such as ChatGPT. It’s also a remarkably simple process for hackers: The researchers were able to extract sensitive data from a target device with just ten lines of code.
In addition to Apple’s hardware, affected Qualcomm devices (which are believed to include dozens of Android phone and tablet models) have now also been patched, while AMD has said it is working on a range of fixes that will be available in March.
Should we be concerned about this?
Fortunately, you don’t have to panic right away. As our Pro team noted yesterday, LeftoverLocals requires pre-existing access to a target device in order to work, meaning affected devices are not immediately vulnerable. That means the exploit must be used in combination with more conventional cyber attacks (such as phishing emails) to be effective.
In other words, if you apply common cybersecurity best practices (don't click on untrustworthy links!), you should be fine. However, Trail of Bits added that since the vulnerability is at the GPU level, hackers don't need specific access to individual user accounts: once they have any kind of access to the device, they can steal data from any user.
With that in mind, it's worth being extra careful now when using devices with shared accounts. For example, if you share a Chrome tablet with a child who has their own user account, hacking their profile could expose your account to a LeftoverLocals attack.
Of course, make sure you download all available security patches if you have a device with a Qualcomm, Apple, or AMD processor. If you’re using Intel, Nvidia, or MediaTek hardware, don’t worry!