Apple Silicon “Augury” DMP Vulnerability
A team of researchers with the University of Illinois Urbana-Champaign, Tel Aviv University, and the University of Washington have demonstrated a world-first Data Memory-Dependent Prefetcher (DMP) vulnerability, dubbed “Augury,” that’s exclusive to Apple Silicon. If exploited, the vulnerability could allow attackers to siphon off “at rest” data, meaning the data doesn’t even need to be accessed by the processing cores to be exposed.
Augury takes advantage of Apple Silicon’s DMP feature. This prefetcher aims to improve system performance by being aware of the memory content itself, which allows it to pre-fetch data before it’s needed. Usually, memory access is limited and compartmentalized in order to increase system security, but Apple’s DMP can overshoot the set of memory pointers it was following, allowing it to access and attempt a prefetch of unrelated memory addresses up to its prefetch depth.
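To make the "overshoot" concrete, here is a toy model added for this post; it is not the researchers' code and not a description of Apple's actual microarchitecture. It simulates an array-of-pointers prefetcher that, after watching the core dereference consecutive entries of a pointer array, reads further entries past the array's end and dereferences whatever pointer-shaped values it finds there. The training threshold (two strided loads), the prefetch depth, and all addresses are assumptions chosen for illustration.

```python
"""Toy array-of-pointers (AoP) prefetcher model (added illustration, not
Augury's or Apple's code).  Shows how a prefetcher that follows pointers
found in memory can touch addresses the program never dereferences."""

# Constructed word-addressed memory layout (all addresses are assumptions).
PTR_ARRAY_BASE = 0x1000   # arr[0], arr[1], ... each slot holds a pointer
STRIDE = 8                # 8-byte pointers
DATA_BASE = 0x2000        # legitimate targets the program dereferences
BEYOND_BASE = 0x3000      # unrelated data the program never touches


def build_memory(n_valid, n_beyond):
    """Lay out a pointer array of n_valid entries, followed immediately in
    memory by n_beyond pointer-shaped words that belong to something else."""
    mem = {}
    for i in range(n_valid):
        mem[PTR_ARRAY_BASE + i * STRIDE] = DATA_BASE + i * STRIDE
        mem[DATA_BASE + i * STRIDE] = 100 + i
    for j in range(n_beyond):
        # These words follow arr[] in memory but are not part of the array.
        mem[PTR_ARRAY_BASE + (n_valid + j) * STRIDE] = BEYOND_BASE + j * STRIDE
        mem[BEYOND_BASE + j * STRIDE] = 900 + j
    return mem


class AoPPrefetcher:
    """Simplified DMP: once it sees `train` pointer-slot loads with a constant
    stride, it reads the next `depth` slots and dereferences their contents,
    regardless of whether the program will ever use them."""

    def __init__(self, mem, depth, train=2):
        self.mem, self.depth, self.train = mem, depth, train
        self.history = []   # slot addresses the core loaded pointers from
        self.touched = []   # addresses the prefetcher itself dereferenced

    def observe(self, slot_addr):
        self.history.append(slot_addr)
        if len(self.history) < self.train:
            return
        prev, cur = self.history[-2], self.history[-1]
        stride = cur - prev
        if stride == 0:
            return
        for k in range(1, self.depth + 1):
            slot = cur + k * stride          # overshoot: slots past the array
            ptr = self.mem.get(slot)
            if ptr is not None and ptr in self.mem:
                self.touched.append(ptr)     # prefetch *slot, i.e. follow it


def run_program(n_valid, n_beyond, depth):
    """The program sums *arr[i] for i < n_valid.  Returns the sum, the set of
    addresses the core loaded architecturally, and the set the DMP touched."""
    mem = build_memory(n_valid, n_beyond)
    pf = AoPPrefetcher(mem, depth)
    core_loads = set()
    total = 0
    for i in range(n_valid):
        slot = PTR_ARRAY_BASE + i * STRIDE
        ptr = mem[slot]              # architectural load of arr[i]
        core_loads.add(slot)
        pf.observe(slot)             # DMP sees the strided pointer-array access
        total += mem[ptr]            # architectural load of *arr[i]
        core_loads.add(ptr)
    return total, core_loads, set(pf.touched)


def overshoot(n_valid, n_beyond, depth):
    """Addresses the prefetcher dereferenced that the core never accessed."""
    _, core_loads, dmp_loads = run_program(n_valid, n_beyond, depth)
    return dmp_loads - core_loads


if __name__ == "__main__":
    total, core, dmp = run_program(4, 3, 3)
    print("program result:", total)
    print("core touched  :", sorted(hex(a) for a in core))
    print("DMP-only      :", sorted(hex(a) for a in overshoot(4, 3, 3)))
```

With four valid array entries, three unrelated words after them, and a depth of three, the core only ever reads the array slots and the 0x2000 region, while the modelled prefetcher also dereferences 0x3000, 0x3008 and 0x3010: data that was "at rest" from the program's point of view. Setting the depth to zero removes the overshoot entirely, which is the knob the post's "up to its prefetch depth" phrase refers to.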
See also:
- I See Dead μops: Leaking Secrets via Intel/AMD Micro-Op Caches
- Spectre attacks come back from the dead
- What are the very long-term solutions to Meltdown and Spectre going to look like?
Previously:
- Microarchitectural Data Sampling (MDS) Mitigation
- Mitigating Spectre With Site Isolation in Chrome
- Intel FPU May Spill Crypto Secrets to Apps
- Finding a CPU Design Bug in the Xbox 360
- Intel CPU Design Flaw Necessitates Kernel Page Table Isolation