Summary: Cybersecurity researchers have discovered a severe security flaw in graphics processing units (GPUs) from Apple, Qualcomm, and AMD, potentially allowing threat actors to steal sensitive data from compromised devices. The flaw, known as LeftoverLocals, has been identified in millions of vulnerable devices. With GPUs in high demand due to factors like Artificial Intelligence (AI), cryptocurrency mining, and gaming, manufacturers are focused on increasing supply, neglecting data integrity and security. LeftoverBits, the flaw that enables hackers to steal between 5 to 180 megabytes of data, has exposed the vulnerability of unpatched devices. The attack only requires initial access to the system and can target any device user’s GPU data. The researchers easily retrieved sensitive data with less than 10 lines of malicious code. While Apple has addressed the flaw in its latest processors, older iPhones, iPads, and MacBooks remain vulnerable. Qualcomm has released a firmware patch and encourages users to apply it when available. AMD is currently working on fixes to be released in March.
Title: Security Threat Posed by New GPUs Puts Data at Risk
Graphics processing units (GPUs) from major manufacturers like Apple, Qualcomm, and AMD are at risk of a severe security flaw that exposes sensitive data to potential theft by hackers. The flaw, known as LeftoverLocals, was discovered by cybersecurity researchers and affects millions of devices worldwide. The rising demand for GPUs driven by trends like Artificial Intelligence (AI), cryptocurrency mining, and gaming has led manufacturers to focus on increasing supply, neglecting data security concerns. As a result, the vulnerability of unpatched devices leaves them susceptible to attacks exploiting the LeftoverBits flaw.
Unlike other vulnerabilities, LeftoverLocals requires hackers to gain access to the target system through other means, not necessarily the same user account. Once inside, they can exploit the flaw to exfiltrate data from the GPU belonging to any device user. The ease of executing this attack is alarming, with researchers demonstrating success using less than 10 lines of malicious code. The stolen data can range from 5 to 180 megabytes, posing a significant risk to individuals or organizations with sensitive information stored on affected devices.
Research identified GPUs from Apple, AMD, and Qualcomm as particularly vulnerable to LeftoverLocals, while Nvidia, Intel, and ARM have managed to avoid the flaw. Apple has taken steps to address the issue in its latest M3 and A17 processors, but older iPhones, iPads, and MacBooks remain at risk. MacBooks powered by Apple’s M2 processor are also susceptible, with only the iPad Air 3rd generation A12 appearing to be adequately patched.
In response to the discovery, Qualcomm has already released a firmware patch and advises users to install it as soon as possible. AMD, on the other hand, is actively working on “optional mitigations” that are expected to be released in March. However, until these patches are widely adopted, users of vulnerable GPUs should be vigilant and consider implementing additional security measures to safeguard their sensitive data.
The source of the article is from the blog kewauneecomet.com