GPU security flaw exposes AI data of millions of iPhones, MacBooks
A GPU security flaw has been discovered in certain iPhones and MacBooks by Trail of Beats. According to the researchers, millions of Apple iPhones and MacBooks, including devices with AMD or Qualcomm chips, are affected.
The problem, called LeftoverLocals, is in the GPU memory that stores AI data, which uses the graphics unit instead of the SoC. The vulnerability allows hackers to extract easily accessible private information in the GPU’s local memory.
Apple has confirmed that it is aware of the issue and has already issued patches for devices with M3 and A17 bionic chips, but older iPhone 12 Pro, iPads and M2 MacBook Air devices are still open.
The exploit will be available on devices with GPUs from Apple, AMD, Qualcomm and Imagination. Nvidia, Arm and Intel are not affected.
As graphics units become more complex and have to perform more tasks over time, they are bound to access more data. In this case hackers can use less than 10 lines of code to access anywhere from 5 MB to 180 MB of unmodified local memory.
Thus, attackers can read victim data left on the user’s device with LLMs (large language models), which are primarily used by generative AI services like ChatGPT.