Apple Inc. AAPL has acknowledged a significant security flaw in its iPhone 12 and M2 MacBook Air GPUs. The flaw, named ‘LeftoverLocals,’ could potentially expose sensitive data to hackers.
What Happened: Apple has confirmed the existence of a security flaw in the GPUs of its iPhone 12 and M2 MacBook Air, TechRadar reported on Thursday. This flaw, named ‘LeftoverLocals’, allows hackers to access data previously processed by the device’s GPU.
Although Apple has not provided a comprehensive list of affected products, older devices are likely vulnerable. The researchers who discovered the flaw have noted that the recently released iPhone 15 and M3 MacBook Pro appear to have been patched. However, the exact list of affected products is still unknown.
Qualcomm, whose devices are also affected, has reportedly issued patches. AMD is working on a series of fixes that will be available in March.
An Apple spokesperson communicated via email to Benzinga that the fixes for the issues were shipped with the M3 and A17 processors.
“We want to thank the researchers for their collaboration as this research advances our understanding of these types of threat[s],” the spokesperson noted.
Why It Matters: The confirmation of this security flaw comes shortly after reports that Apple was informed of potential security vulnerabilities in its AirDrop feature before China’s Beijing Institute allegedly breached it. The institute, backed by the state, claimed to have extracted iPhone users’ details via AirDrop, highlighting the increasing importance of proactively addressing potential security threats.
As security researchers at Trail of Bits demonstrated, the ‘LeftoverLocals’ flaw requires pre-existing access to a target device to work. This means that affected devices are not immediately vulnerable and would need to be used in conjunction with other cyber-attacks to be effective.
However, since the vulnerability exists at the GPU level, hackers do not need specific access to individual user accounts. Once they have any form of access to the device, they can steal data from any user.
If you have a device with a Qualcomm, Apple, or AMD processor, you should exercise the usual cybersecurity best practices and download any available security patches. Devices with Intel, Nvidia, or MediaTek hardware are not affected.
Read Next: Trump Promises Never To Allow CBDCs In US, Says He Will ‘Protect Americans From Government Tyranny’
Image Credits – Apple
Editor's note: This story has been updated with a comment from Apple
Engineered by Benzinga Neuro, Edited by Pooja Rajkumari
The GPT-4-based Benzinga Neuro content generation system exploits the extensive Benzinga Ecosystem, including native data, APIs, and more to create comprehensive and timely stories for you. Learn more.
© 2024 Benzinga.com. Benzinga does not provide investment advice. All rights reserved.
Trade confidently with insights and alerts from analyst ratings, free reports and breaking news that affects the stocks you care about.