{"id":36059,"date":"2022-06-03T11:20:08","date_gmt":"2022-06-03T15:20:08","guid":{"rendered":"https:\/\/mjtsai.com\/blog\/?p=36059"},"modified":"2022-06-03T11:20:08","modified_gmt":"2022-06-03T15:20:08","slug":"apple-silicon-augury-dmp-vulnerability","status":"publish","type":"post","link":"https:\/\/mjtsai.com\/blog\/2022\/06\/03\/apple-silicon-augury-dmp-vulnerability\/","title":{"rendered":"Apple Silicon &ldquo;Augury&rdquo; DMP Vulnerability"},"content":{"rendered":"<p><a href=\"https:\/\/www.tomshardware.com\/news\/apple-silicon-exclusively-hit-with-world-first-augury-dmp-vulnerability\">Francisco Pires<\/a>:<\/p>\n<blockquote cite=\"https:\/\/www.tomshardware.com\/news\/apple-silicon-exclusively-hit-with-world-first-augury-dmp-vulnerability\"><p>A team of researchers with the University of Illinois Urbana-Champaign, Tel Aviv University, and the University of Washington <a href=\"https:\/\/www.prefetchers.info\">have demonstrated<\/a> a world-first Data Memory-Dependent Prefetcher (DMP) vulnerability, dubbed &ldquo;Augury,&rdquo; that&rsquo;s exclusive to Apple Silicon. If exploited, the vulnerability could allow attackers to siphon off &ldquo;at rest&rdquo; data, meaning the data doesn&rsquo;t even need to be accessed by the processing cores to be exposed.<\/p><p>Augury takes advantage of Apple Silicon&rsquo;s DMP feature. This prefetcher aims to improve system performance by being aware of the entire memory content, which allows it to improve system performance by pre-fetching data before it&rsquo;s needed. Usually, memory access is limited and compartmentalized in order to increase system security, but Apple&rsquo;s DMP prefetch can overshoot the set of memory pointers, allowing it to access and attempt a prefetch of unrelated memory addresses up to its prefetch depth.<\/p><\/blockquote>\n\n<p>See also:<\/p>\n<ul><li><a href=\"https:\/\/www.cs.virginia.edu\/~av6ds\/papers\/isca2021a.pdf\">I See Dead &#x3BC;ops: Leaking Secrets via Intel\/AMD Micro-Op Caches<\/a><\/li>\n<li><a href=\"https:\/\/blog.malwarebytes.com\/exploits-and-vulnerabilities\/2021\/05\/spectre-attacks-come-back-from-the-dead\/\">Spectre attacks come back from the dead<\/a><\/li>\n<li><a href=\"http:\/\/wanderingcoder.net\/2019\/07\/17\/very-long-term-solutions-meltdown-spectre\/\">What are the very long-term solutions to Meltdown and Spectre going to look like?<\/a><\/li>\n<\/ul>\n\n<p>Previously:<\/p>\n<ul>\n<li><a href=\"https:\/\/mjtsai.com\/blog\/2019\/05\/17\/microarchitectural-data-sampling-mds-mitigation\/\">Microarchitectural Data Sampling (MDS) Mitigation<\/a><\/li>\n<li><a href=\"https:\/\/mjtsai.com\/blog\/2018\/07\/16\/mitigating-spectre-with-site-isolation-in-chrome\/\">Mitigating Spectre With Site Isolation in Chrome<\/a><\/li>\n<li><a href=\"https:\/\/mjtsai.com\/blog\/2018\/06\/14\/intel-fpu-may-spill-crypto-secrets-to-apps\/\">Intel FPU May Spill Crypto Secrets to Apps<\/a><\/li>\n<li><a href=\"https:\/\/mjtsai.com\/blog\/2018\/01\/29\/finding-a-cpu-design-bug-in-the-xbox-360\/\">Finding a CPU Design Bug in the Xbox 360<\/a><\/li>\n<li><a href=\"https:\/\/mjtsai.com\/blog\/2018\/01\/03\/intel-cpu-design-flaw-necessitates-kernel-page-table-isolation\/\">Intel CPU Design Flaw Necessitates Kernel Page Table Isolation<\/a><\/li>\n<\/ul>","protected":false},"excerpt":{"rendered":"<p>Francisco Pires: A team of researchers with the University of Illinois Urbana-Champaign, Tel Aviv University, and the University of Washington have demonstrated a world-first Data Memory-Dependent Prefetcher (DMP) vulnerability, dubbed &ldquo;Augury,&rdquo; that&rsquo;s exclusive to Apple Silicon. If exploited, the vulnerability could allow attackers to siphon off &ldquo;at rest&rdquo; data, meaning the data doesn&rsquo;t even need [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"apple_news_api_created_at":"2022-06-03T15:20:36Z","apple_news_api_id":"a6c375dd-3592-4589-9752-2a7e6ff784c6","apple_news_api_modified_at":"2022-06-03T15:20:37Z","apple_news_api_revision":"AAAAAAAAAAD\/\/\/\/\/\/\/\/\/\/w==","apple_news_api_share_url":"https:\/\/apple.news\/ApsN13TWSRYmXUip-b_eExg","apple_news_coverimage":0,"apple_news_coverimage_caption":"","apple_news_is_hidden":false,"apple_news_is_paid":false,"apple_news_is_preview":false,"apple_news_is_sponsored":false,"apple_news_maturity_rating":"","apple_news_metadata":"\"\"","apple_news_pullquote":"","apple_news_pullquote_position":"","apple_news_slug":"","apple_news_sections":"\"\"","apple_news_suppress_video_url":false,"apple_news_use_image_component":false,"footnotes":""},"categories":[2],"tags":[1998,2014,2134,131,260],"class_list":["post-36059","post","type-post","status-publish","format-standard","hentry","category-technology","tag-apple-a14","tag-apple-m1","tag-apple-m1-max","tag-bug","tag-processors"],"apple_news_notices":[],"_links":{"self":[{"href":"https:\/\/mjtsai.com\/blog\/wp-json\/wp\/v2\/posts\/36059","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/mjtsai.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/mjtsai.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/mjtsai.com\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/mjtsai.com\/blog\/wp-json\/wp\/v2\/comments?post=36059"}],"version-history":[{"count":1,"href":"https:\/\/mjtsai.com\/blog\/wp-json\/wp\/v2\/posts\/36059\/revisions"}],"predecessor-version":[{"id":36060,"href":"https:\/\/mjtsai.com\/blog\/wp-json\/wp\/v2\/posts\/36059\/revisions\/36060"}],"wp:attachment":[{"href":"https:\/\/mjtsai.com\/blog\/wp-json\/wp\/v2\/media?parent=36059"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/mjtsai.com\/blog\/wp-json\/wp\/v2\/categories?post=36059"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/mjtsai.com\/blog\/wp-json\/wp\/v2\/tags?post=36059"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}