Most older iPhones, Macs, and iPads are vulnerable to GPU flaw

A security flaw named LeftoverLocals lets attackers access data that has been processed in a device's GPU, and while Apple says A17 iPhone and M3 Macs have fixes, older models do not.

The report, and the naming of LeftoverLocals, comes from Trail of Bits, which previously demonstrated how Apple's walled garden iPhone security can benefit hackers. The organization now says it has found "vulnerability that allows recovery of data from GPU local memory created by another process on Apple, Qualcomm, AMD, and Imagination GPUs."

It's a particularly significant vulnerability both because of the volume of data that may be read, and also because GPUs are being increasingly used in AI for processing of Large Language Models (LLMs.)

"By recovering local memory — an optimized GPU memory region," wrote Trail of Bits in a blog post, "we were able to build a PoC [Proof of Concept] where an attacker can listen into another user's interactive LLM session (e.g., llama.cpp) across process or container boundaries."

A split-screen showing two text dialogs, one with a dark background and green text, and the other in red with white text, both discussing the Trail of Bits cybersecurity firm and its large clients like Google and Amazon.

Left: a user's typing into AI. Right: how much an attacker can receive

While Apple was reportedly slow to respond to information from the researchers, it did patch certain devices. "We re-tested the vulnerability on January 10," said the researchers, "where it appears that some devices have been patched, i.e., Apple iPad Air 3 (A12)."

"However, the issue still appears to be present on the Apple MacBook Air (M2)," they continue. "Furthermore, the recently released Apple iPhone 15 does not appear to be impacted as previous versions have been."

Apple has told Wired that fixes had been shipped for the latest iPhones and Macs with A17 and M3 devices,

How to protect yourself from LeftoverLocals

The vulnerability requires access to a user's device, it can't be done remotely. For now, for users with a vulnerable device, the best way to protect themselves is to never give a third party access to their devices. Also, users should also always install the latest security updates from Apple.

It's not clear if Apple has patch plans going forward for impacted devices.

Latest Exclusives

Latest comparisons

8 Comments

smaceslin 14 Years · 86 comments

About 11 months ago

Well that is one way for Apple to force everyone to upgrade their M1s and M2s...

davebarnes 19 Years · 376 comments

"The vulnerability requires access to a user's device" is in the LAST paragraph.
Should have been in the first sentence so I could stop reading there.

Fidonet127 5 Years · 598 comments

Not just Apple is affected, Apple, Qualcomm, AMD, and Imagination GPUs."

mknelson 9 Years · 1148 comments

smaceslin said:

Well that is one way for Apple to force everyone to upgrade their M1s and M2s...

This isn't MacRumors…

The vast majority of M1 and M2 users won't be affected by this bug even if Apple doesn't patch all models. Requires physical access, is only useful for pulling info from LLM (and if you look at the screenshots it isn't even reliable at that), and it's present in Qualcomm, AMD, and Imagination GPUs (It's a conspiracy I tells ya!).

sbdude 5 Years · 291 comments

davebarnes said:

"The vulnerability requires access to a user's device" is in the LAST paragraph.
Should have been in the first sentence so I could stop reading there.

Exactly. Doesn't seem like much of a vulnerability to me.

And I pity anyone who purposely hacks and reads my ridiculous conversations with AI.

How to protect yourself from LeftoverLocals

8 Comments

Sponsored Content

Top Stories

Latest Exclusives

Latest comparisons

Latest News

Latest Videos

Latest Reviews