Researchers have found a microarchitectural defect in Apple silicon chips that may lead to data leakage, but they say there is nothing to worry about at present. The so-called "Australian" defect was discovered by a research team led by Jose Rodrigo Sanchez Vicarte of the University of Illinois at Urbana-Champaign and Michael Flanders of the University of Washington. Vicarte, Flanders and other members of the team recently published details of the defect in a new paper.
According to the researchers, the flaw lies in the data memory-dependent prefetcher (DMP) in Apple silicon chips. The DMP determines which memory contents to prefetch. This technique is well known in academia, but it had not previously been deployed in commercial products.
"Classic prefetchers only look at the stream of previously accessed addresses. A DMP also considers the contents of previously prefetched memory," said David Kohlbrenner, another member of the team. "In essence, the choices the DMP makes reveal something about the contents of memory."
Apple's M1 and A14 series chips use a prefetcher for a dot-matrix access pattern. Although the details are complex, this basically means that these chips can disclose data that has never been read by any instruction. However, Kohlbrenner points out that this is "the weakest DMP an attacker can get". "It prefetches only when the content is a valid virtual address and has some strange restrictions. Our research shows that this can be used to leak pointers and break ASLR. We believe there are better attack methods available," he wrote on Twitter.
At present this flaw is "not that bad", because it can only disclose data pointers and "probably exists only in the sandbox threat model".
However, similar defects centered on static data are difficult to prevent, because the leaked data is never read by the core, whether speculatively or non-speculatively.