Researchers find flaw in Apple Silicon chips, but it's not 'that bad'

Researchers have discovered a microarchitectural flaw present in Apple Silicon chips that could lead to data leakage, though they said there is currently little cause for concern.

The so-called Augury flaw was discovered by a team of researchers led by Jose Rodrigo Sanchez Vicarte of the University of Illinois at Urbana Champaign and Michael Flanders of the University of Washington. Vicarte, Flanders, and other members of the team recently published details of the flaw in a new paper.

According to the researchers, the flaw exists in the Data-Memory Dependent Prefetcher (DMP) in Apple Silicon chips. DMPs, which decide what memory content to prefetch, are well-known in academic circles but have yet to be deployed in a commercial product.

"Classical prefetchers look only at the stream of previous addresses accessed. DMPs also consider on the content of the previously prefetched memory," said David Kohlbrenner, another member of the team. "Inherently, the DMP's choice thus reveals something about the content of memory."

Apple's M1 and A14 family of chips use a prefetcher that targets an array-of-pointers access pattern. Thought the exact details are complicated, this essentially means that the chips can leak data that isn't read by any instruction.

Kohlbrenner noted, however, that this is "about the weakest DMP an attacker can get."

"It only prefetches when content is a valid virtual address, and has a number of odd limitations," he wrote on Twitter. "We show this can be used to leak pointers and break ASLR. We believe there are better attacks available."

The flaw isn't "that bad" currently, since it can only leak data pointers and "likely only in the sandbox threat model."

However, similar flaws centered around data at rest can be tricky to protect against. That's because leaked data is never read by the core, speculatively or non-speculatively.