Why is it important: Hardware security flaws like Specter have been a major problem for Intel and AMD since they were discovered in 2018. Now one has appeared for Apple’s latest custom processors. Although not as serious as Specter, it confirms that Apple Silicon is not immune to vulnerabilities.

- Advertisement -

Recently researchers published document detailing the vulnerability they call Augury, which affects the Apple M1, M1 Max and A14 processors. This may also affect older A-series chips and newer M1 relatives.

- Advertisement -

Although Augury has not yet led to real exploits, it is unique in that it can leak data that neither the kernel nor any instructions have read. This negates many of the defenses against Ghost which work by keeping track of what data the kernel and instructions are accessing.

Augury comes from using the Apple Silicon Data Memory-Dependent Prefetcher (DMP), which is an optimization that takes into account the contents of previous memory prefetchers. This method gives a clue to the contents of the memory, making it possible for them to be leaked.

- Advertisement -

Researchers don’t consider Augury very dangerous, in part because it preselects valid virtual addresses. However, it can break ASLR (Address Space Randomization), which could be the first step in a serious exploit.

The authors of the article sent Apple all the details about Augury before publishing their findings so the company can provide a solution if it ever becomes an issue.