Subj : Apple admits the iPhone 12 and M2 MacBook Air have a concerning s To : All From : TechnologyDaily Date : Fri Jan 19 2024 09:15:05 Apple admits the iPhone 12 and M2 MacBook Air have a concerning security flaw but dont panic Date: Fri, 19 Jan 2024 09:05:54 +0000 Description: Apple confirms the existence of a GPU security flaw in both iPhone 12 and M2 MacBook Air heres how to protect yourself. FULL STORY ====================================================================== Earlier this week, the TechRadar Pro team reported on a serious security flaw affecting millions of GPUs from Apple, AMD, and Qualcomm and today, Apple has officially confirmed that some of its products are indeed affected. So far, Apple has stated that the iPhone 12 and M2 MacBook Air are affected, but its likely older Apple products still hold the vulnerability; the researchers at Trail of Bits who originally uncovered the security flaw noted that the recently-released iPhone 15 and M3 MacBook Pro seem to have been patched to remove the issue, but theres no concrete list of which products are currently still affected. The security flaw, dubbed LeftoverLocals, allows hackers to read data that was previously processed by the devices GPU. As the security researchers at Trail of Bits demonstrated, an attacker could steal information such as the results of a query given to an AI chatbot such as ChatGPT . Its a remarkably simple process for hackers, too the researchers were able to pull sensitive data from a target device with just 10 lines of code. Beyond Apples hardware, the affected Qualcomm devices which will presumably include dozens of Android phone and tablet models have apparently now been patched, while AMD has stated it is working on a series of fixes that will be available in March. Should we be worried about this? Fortunately, theres no need to panic straight away. As our Pro team noted yesterday, LeftoverLocals requires pre-existing access to a target device in order to work, meaning that the affected devices arent instantly vulnerable. That means the exploit will need to be used in conjunction with more conventional cyber-attacks (such as phishing emails) to be effective. In other words, if you exercise the usual cybersecurity best practices no clicking on dodgy links! you should be fine. However, Trail of Bits did add that since the vulnerability exists at the GPU level, hackers dont need specific access to individual user accounts: once they have any form of access to the device, they can steal data from any user. With that in mind, its worth being extra careful when using devices with shared accounts right now. If you share a Chrome tablet with a child who has their own user account, for example, their profile being compromised could open up your account to a LeftoverLocals attack. Naturally, you should be sure to download any available security patches if youve got a device with a Qualcomm, Apple, or AMD processor. If youre running on Intel, Nvidia, or MediaTek hardware, then you dont have to worry! You might also like Apple Magic Keyboards are at risk from security attacks update now to protect your Mac or iPad This Apple Vision Pro deep dive showed me all I was missing Apple accidentally revealed that iOS 17.3 is probably just days away ====================================================================== Link to news story: https://www.techradar.com/computing/computing-security/apple-admits-the-iphone -12-and-m2-macbook-air-have-a-concerning-security-flaw-but-dont-panic --- Mystic BBS v1.12 A47 (Linux/64) * Origin: tqwNet Technology News (1337:1/100) .