- Academic scientists found two new speculative execution errors
- The pair affects M2 and M3 processors
- Apple has acknowledged the deficiencies and said it would solve it
Apple devices powered with M2/A15 and M3/A17 chips are vulnerable to page channel deficiencies that can put user data at risk of being stolen, experts have warned.
CyberSecurity scientists from the Georgia Institute of Technology and Ruhr University Bochum, which recently published two separate papers, with details of the two vulnerabilities called flop and limp.
However, these deficiencies do not affect power consumption patterns during cryptographic operations, but rather speculative execution, similar to what the feared Specter and Meltdown endeavies were. Speculative execution is a technique used by processors to improve performance. It involves the CPU who guesses the probable path of a program (like what instruction to perform next) and begins to perform it before the actual decision is made. If the guess is correct, it speeds up the treatment; If not, the wrong results are discarded.
Practical application
Explaining their findings to Bleeping computersaid the researchers that mispredictions can lead to chips performing calculations with the wrong data.
“From the M3/A17 generation, they try to predict the data value that will be returned from memory. However, errors in these mechanisms may result in arbitrary calculations being said.
Usually, when academic researchers find computer bugs, the most theoretical or otherwise extremely difficult to pull off in a real life scenario. For these, however, the researchers explained how a threat actor could create a malicious website that contains JavaScript code and uses it to draw personally identifiable information from the victims.
They shared their findings with Apple (at the end of March too limp and in early September for floppy) that recognized their findings and confirmed that it would work on a solution. However, it looks
“We would like to thank the researchers for their collaboration as this evidence of concept promotes our understanding of these types of threats,” Apple told Bleeping computer.
“Based on our analysis, we don’t think this problem poses an immediate risk to our users.”
Those interested in technical details can read the in -depth analysis here. These are the same scientists who discovered ileakage — sowability a year and a half ago, Bleeping computer Memories. One was also a side channel’s error.
