laitimes

A "poisoned" apple? Apple chips including the A14 and M1 exposed to a DMP vulnerability

A few days ago, researchers disclosed the first security vulnerability in a data memory-dependent prefetcher (DMP), found in Apple Silicon. The vulnerability is named "Augury" (the word means divination) and, so far, is known to exist only in Apple Silicon.

Doubts about the DMP from the start

The Augury research team is drawn from several universities, including the University of Illinois at Urbana-Champaign, Tel Aviv University and the University of Washington, and its members had long suspected that Apple's chips contained a DMP.

A DMP, or data memory-dependent prefetcher, improves performance by inspecting the data values the core loads from memory, treating values that look like pointers as addresses, and prefetching the memory they point to. Conventional prefetchers are deliberately more limited: they predict future addresses only from the pattern of addresses the program has already accessed and never look at the data itself. After Apple launched the M1, a passage in an A14 analysis by the well-known technology review site AnandTech caught the research team's attention:

In our microarchitectural investigation we saw signs of "memory magic" in Apple's chip design, and we theorized that Apple was employing some sort of pointer-chasing prefetching mechanism.

From this, the research team suspected that the DMP in Apple's chips might follow pointers beyond the set of memory locations the program actually uses, that is, reach into and prefetch unrelated memory addresses, possibly several entries ahead of the core.

With this concern in mind, the team set to work on the M1 and A14, and did indeed find something:

"We found that Apple processors have a DMP."

"We found that this DMP prefetches an array-of-pointers dereference pattern."

"We found that it can leak data (pointers) that no instruction ever reads, not even speculatively!"

In other words: Apple Silicon's DMP has a vulnerability, Augury, and an attacker who successfully exploits it can mount a data-at-rest attack, meaning the leaked data is never read by the core, speculatively or otherwise, which makes such an attack hard to detect.

A vulnerability unique to Apple Silicon

Specifically, the research team found that Apple Silicon's DMP prefetches the array-of-pointers (AoP) pattern:

The researchers explain: "Once it sees *arr[0] ... *arr[2] occur (even just speculatively!), it starts prefetching *arr[3] onward. That is, it first prefetches ahead the contents of arr and then dereferences those contents. A conventional prefetcher would not perform the second step, the dereference."

With the AoP pattern, the DMP computes an address from data the program loaded, then reads and caches memory the program has not accessed and may never access. In other words, Apple Silicon's DMP makes the system over-read, and the over-read data is exposed, which is what makes it exploitable.

Some readers will think of Spectre and Meltdown, the vulnerabilities that caused a worldwide sensation (both let an attacker's unprivileged code read memory it is not supposed to access, including privileged memory, by abusing speculative execution and a cache side channel). The research team, however, points out that Augury is not the same as Spectre/Meltdown:

Augury uses only the DMP, not transient execution;

Spectre can be fully mitigated and Augury still remains;

The defences needed against Augury also differ from those against other microarchitectural attacks. Any data defence that relies on tracking the core's accesses will not stop Augury from leaking data, because data leaked through Augury is never read by the core.

Put differently, Spectre and Meltdown leak data that is in use, whereas Augury, via Apple's DMP, can leak data at rest: memory contents that the program never actively accesses.
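The AoP behaviour quoted above, and the point that a defence which only tracks the core's accesses cannot see what the DMP fetched, as an added toy model in C. This is illustration code written for this article, not the researchers' code and not Apple's hardware: a conventional prefetcher and a DMP model both react to the core dereferencing *arr[0] .. *arr[2]; the three-access training length, the one-entry lookahead and all names are assumptions made for the model, and the "data at rest" value is constructed.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Toy model of the array-of-pointers (AoP) pattern. It is not the real M1
 * microarchitecture, only a contrast between a conventional prefetcher,
 * which predicts addresses from the access stream, and a DMP, which also
 * reads the fetched value and dereferences it. TRAIN_LEN and AHEAD are
 * assumed values chosen for illustration. */

#define CACHE_SLOTS 64
#define TRAIN_LEN   3   /* dereferences observed before prefetching begins */
#define AHEAD       1   /* array entries the prefetcher runs ahead of the core */

enum mode { CONVENTIONAL, DMP };

struct model {
    enum mode mode;
    const void *cache[CACHE_SLOTS];      /* lines present in the cache */
    size_t ncache;
    const void *core_loads[CACHE_SLOTS]; /* every address the core itself loaded */
    size_t nloads;
};

static bool in_list(const void *const *list, size_t n, const void *p) {
    for (size_t i = 0; i < n; i++)
        if (list[i] == p) return true;
    return false;
}

static void fill(struct model *m, const void *p) {
    if (!in_list(m->cache, m->ncache, p) && m->ncache < CACHE_SLOTS)
        m->cache[m->ncache++] = p;
}

static bool cached(const struct model *m, const void *p) {
    return in_list(m->cache, m->ncache, p);
}

static bool core_loaded(const struct model *m, const void *p) {
    return in_list(m->core_loads, m->nloads, p);
}

/* A load issued by the core: it appears in the access log and in the cache. */
static void core_load(struct model *m, const void *p) {
    if (m->nloads < CACHE_SLOTS) m->core_loads[m->nloads++] = p;
    fill(m, p);
}

/* The prefetcher reacting to the core having dereferenced arr[i]. */
static void prefetch(struct model *m, const int *const *arr, size_t n, size_t i) {
    if (i + 1 < TRAIN_LEN) return;             /* not trained yet */
    for (size_t k = 1; k <= AHEAD && i + k < n; k++) {
        const int *const *slot = &arr[i + k];
        fill(m, slot);                         /* both: fetch the next slot of arr */
        if (m->mode == DMP)
            fill(m, *slot);                    /* DMP only: dereference its contents */
    }
}

/* The victim program: read *arr[0] .. *arr[nread-1] and return their sum. */
static int run(struct model *m, enum mode mode, const int *const *arr,
               size_t n, size_t nread) {
    memset(m, 0, sizeof *m);
    m->mode = mode;
    int sum = 0;
    for (size_t i = 0; i < nread; i++) {
        core_load(m, &arr[i]);                 /* the core reads the pointer arr[i] */
        const int *p = arr[i];
        core_load(m, p);                       /* ... and dereferences it */
        sum += *p;
        prefetch(m, arr, n, i);
    }
    return sum;
}

struct outcome {
    bool slot_cached;        /* &arr[3] (the pointer itself) was brought in */
    bool target_cached;      /* *arr[3] (the data it points to) was brought in */
    bool target_in_core_log; /* did the core ever load *arr[3]? */
};

/* Core reads *arr[0..2]; arr[3] points at data the program never touches. */
static struct outcome aop_run(enum mode mode) {
    static int a = 1, b = 2, c = 3;
    static int at_rest = 0x41;   /* constructed "data at rest", never read by the core */
    const int *arr[4] = { &a, &b, &c, &at_rest };
    struct model m;
    run(&m, mode, arr, 4, 3);
    struct outcome o = {
        .slot_cached        = cached(&m, &arr[3]),
        .target_cached      = cached(&m, &at_rest),
        .target_in_core_log = core_loaded(&m, &at_rest),
    };
    return o;
}

int main(void) {
    const char *names[] = { "conventional", "DMP" };
    for (int md = CONVENTIONAL; md <= DMP; md++) {
        struct outcome o = aop_run((enum mode)md);
        printf("%-12s arr[3] cached=%d  *arr[3] cached=%d  *arr[3] in core log=%d\n",
               names[md], o.slot_cached, o.target_cached, o.target_in_core_log);
    }
    return 0;
}
```

Both models bring the next slot of arr into the cache; only the DMP model also caches the memory that slot points to, and that address never appears in the core's load log. That gap is exactly why a defence that watches only the core's accesses has nothing to flag.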

Apple is aware, but has not yet patched

According to the information released by the research team, Augury currently exists only in Apple Silicon; the confirmed affected chips are the A14, M1 and M1 Max (all of which have a DMP). The team also tested the latest Intel and AMD processors, and neither showed signs of Augury.

The researchers added: "We believe that some older A-series chips and the newer M1-series chips (the M1 Pro, etc.) are also affected, but at this time this has only been confirmed on the M1 Max."

Thankfully, the research team points out that, alarming as Augury sounds, they have not yet "demonstrated any end-to-end exploits with Augury", so at this stage "only pointers are leaked".

As for a patch, the research team says it has discussed the issue with Apple and that Apple knows all the details of the vulnerability, but to the team's knowledge Apple has not yet released a fix.

Source: compiled from CSDN and other web content
