A report about a GPU security flaw has appeared online, reported by Bit trail. According to researchers, millions of Apple iPhones and MacBooks, as well as devices with AMD or Qualcomm chips, are affected.
The issue, called LeftoverLocals, affects the GPU memory that stores AI data, which uses the graphics unit rather than the SoC. The vulnerability allows attackers to extract easily accessible personal information in the GPU’s local memory.
Apple has confirmed that it is aware of the issue and has already patched some devices with the M3 or A17 Bionic chip, but older iPhone 12 Pro, iPad and MacBook Air M2 are still exposed.
The exploit can be found in devices with GPUs from Apple, AMD, Qualcomm and Imagination. Nvidia, Arm and Intel are not interested.
As graphics units become more complex and need to perform more tasks over time, their code becomes increasingly long and unprotected. Hackers can use fewer than 10 lines of code to access uninitialized local storage ranging from 5 MB to 180 MB.
This way, attackers can read victim data that has been left on the user’s device, including LLMs (large language models), which are primarily used by generative AI services like ChatGPT.
What remaining data does your ML model leave behind for another user to steal, asks Trail of Bits
All companies with defects in their units have confirmed the problem with Trails of Bits. They promised to release an update once they figure out how to patch the GPU. Our tip to protect yourself is to keep an eye on your device and update it once the fix arrives.
Start a new Thread