Apple Silicon Chip Vulnerability ‘Augury’ Surfaces, But Researchers Aren’t Worried Yet
(Updated in February 2024 on Minhminhbmm.com.)
After digging into Apple Silicon, researchers have discovered a new vulnerability that affects Apple’s latest M1 and A14 chips. The Augury Apple Silicon microarchitectural flaw has been demonstrated to leak data at rest but doesn’t appear to be “that bad” at this point.
Jose Rodrigo Sanchez Vicarte at the University of Illinois at Urbana Champaign and Michael Flanders at the University of Washington led a group of researchers who published details on their discovery of the novel Augury microarchitectural Apple Silicon flaw (all details were shared with Apple prior to publishing).
The group uncovered that Apple chips use what’s called a Data-Memory Dependent Prefetcher (DMP), which looks at memory content to decide what to prefetch.
How the Augury Apple Silicon vulnerability works
Specifically, Apple’s M1, M1 Max, and A14 were tested and found to prefetch with an array-of-pointers dereferencing pattern. The researchers discovered that this process can leak data that is “never read by any instruction, even speculatively!” They also believe the M1 Pro and possibly older A-series chips are vulnerable to the same flaw.
Here’s how the researchers say Apple’s DMP is different from traditional ones:
Once it has seen *arr … *arr occur (even speculatively!) it will begin prefetching *arr onward. That is, it will first prefetch ahead the contents of arr and then dereference those contents. In contrast, a conventional prefetcher would not perform the second step/dereference operation.
As for why data at rest attacks like this are troublesome, the paper says most hardware or software defensive strategies to prevent “microarchitectural attacks assume there is some instruction that accesses the secret.” But data at rest vulnerabilities don’t work that way. Explaining further, the research says:
Any defense that relies on tracking what data is accessed by the core (speculatively or non-speculatively) cannot protect against Augury, as the leaked data is never read by the core!
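The two-step behaviour described above can be seen in a toy model. This is an added example, not code from the researchers or from the original article. The memory size, training threshold, prefetch depth, one-word cache lines and the value stored past the array are all assumptions made for illustration, not measured Apple parameters.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Toy model: every size and threshold below is an assumption, not a measured M1 value. */
#define MEM_WORDS 64  /* address = word index; one word per cache line */
#define ARR_BASE  8   /* array of pointers occupies words 8..11 */
#define ARR_LEN   4   /* the program only ever touches these slots */
#define TRAIN     3   /* dereferences observed before the prefetcher engages */
#define DEPTH     2   /* slots fetched ahead of the current access */
#define AT_REST   42  /* pointer-like value stored just past the array */

typedef struct {
    uint64_t mem[MEM_WORDS];
    bool cached[MEM_WORDS];     /* lines present in the cache */
    bool core_read[MEM_WORDS];  /* words an instruction actually loaded */
} machine;

static void core_load(machine *m, uint64_t addr) {
    m->core_read[addr] = true;
    m->cached[addr] = true;
}

static void setup(machine *m) {
    memset(m, 0, sizeof *m);
    for (int i = 0; i < ARR_LEN; i++)
        m->mem[ARR_BASE + i] = 20 + i;       /* in-bounds pointers */
    m->mem[ARR_BASE + ARR_LEN] = AT_REST;    /* never read by the program */
}

/* Program: for each i, load arr[i] and then *arr[i]. */
static void run(machine *m, bool dmp) {
    for (int i = 0; i < ARR_LEN; i++) {
        uint64_t slot = ARR_BASE + i;
        core_load(m, slot);
        core_load(m, m->mem[slot]);
        if (i + 1 < TRAIN) continue;         /* pattern not recognised yet */
        for (int d = 1; d <= DEPTH; d++) {
            uint64_t next = slot + d;
            m->cached[next] = true;          /* step 1: both designs fetch arr[i+d] */
            uint64_t target = m->mem[next];
            if (dmp && target != 0 && target < MEM_WORDS)
                m->cached[target] = true;    /* step 2: only the DMP dereferences it */
        }
    }
}

/* Did the line named by the out-of-bounds slot enter the cache? */
static bool at_rest_target_cached(bool dmp) {
    machine m; setup(&m); run(&m, dmp);
    return m.cached[AT_REST];
}

/* Did any instruction load the out-of-bounds slot or its target? */
static bool core_touched_at_rest(bool dmp) {
    machine m; setup(&m); run(&m, dmp);
    return m.core_read[ARR_BASE + ARR_LEN] || m.core_read[AT_REST];
}

int main(void) {
    printf("conventional: target cached=%d\n", at_rest_target_cached(false));
    printf("DMP:          target cached=%d core read=%d\n",
           at_rest_target_cached(true), core_touched_at_rest(true));
    return 0;
}
```

In the model, the cache state changes as a function of a value the core never loaded, which is why a defense that only tracks core accesses has nothing to observe.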
But David Kohlbrenner, Assistant Professor at the University of Washington and principal investigator on the research team notes that this DMP “is about the weakest DMP an attacker can get.”
The researchers highlight that sentiment, saying this vulnerability isn’t “that bad” for now and they haven’t demonstrated any “end-to-end exploits with Augury techniques at this time. Currently, only pointers can be leaked, and likely only in the sandbox threat model.”
9to5Mac’s take
This is definitely an interesting discovery and fortunately, it looks like there’s not much to worry about as the researchers see it as the “weakest DMP an attacker can get.” But of course, important discoveries like this allow Apple to make its devices more secure and get ahead of malicious use.
In the year and a half since Apple went all-in on making its own chips, we’ve only seen a few security concerns specifically around the M1 pop up. One saw apps exchange data covertly, but that wasn’t a real issue, and another was custom-made Apple Silicon malware (a perennial problem on any hardware).
The researchers are not aware of Apple working on a patch for Augury, but we’ll be keeping an eye out for any developments around this flaw.
Dropbox Apple Silicon support promised, but the damage is already done
Dropbox still lacks a native app for Apple’s latest Mac models running its M1 silicon, forcing users to utilize a battery-hungry version of the software operating under Apple’s Rosetta translation process. A recent tweet highlighting some posts on the Dropbox forums stirred up chaos among Dropbox users by indicating a native M1 app may never arrive, and now the company is trying to clear up the confusion.
The issue started with a tweet from developer Mitchell Hashimoto in which he shared a link to Dropbox’s “Share an idea” forum, specifically a thread in which a user asked the company to update its app with native support for Apple Silicon. The user pointed out — as many others have — that using the Dropbox app with Rosetta is a massive battery drain, not to mention the amount of memory it requires.
— Mitchell Hashimoto (@mitchellh) October 27, 2023
The support thread included posts from company representatives who were apparently unaware of Dropbox’s existing M1 app project, leading to official responses like, “This idea is going to need a bit more support before we share your suggestion with our team.” As expected, the suggestion that native app support for Apple M1 wasn’t a priority pushed many already-frustrated users over the edge, with some talking about ditching the company for an alternative cloud storage provider.
Dropbox CEO Drew Houston clarified things in a tweet today, revealing the company has been working on a native app for M1 Macs and that it plans to release it in the relatively near future. The lack of transparency regarding this effort, as well as the recent attention brought to the community thread, may make this a “too little, too late” moment for the company, which isn’t planning to make its native app available until sometime in the first half of 2023.
We’re certainly supporting Apple Silicon, sorry for the confusion. We’ve been working for a while on a native M1 build which we aim to release in H1 2023. (And agree the responses in the support thread were not ideal — no need to upvote for this one 😊)
— Drew Houston (@drewhouston) October 28, 2023
Dropbox confirmed the Apple M1 app project in a statement to SlashGear, noting that the community forum thread regarding the native support was a mistake:
Dropbox currently supports Apple M1 through Rosetta. We have an internal build for native Apple M1 support, which we’re currently testing and we’re committed to releasing in the first half of 2023. While we regularly ask for customer feedback and input on new products or features, this should not have been one of those instances.
Confirmation about a planned native app release is reassuring, but a big question remains: how many frustrated M1 Mac users are willing to wait until potentially next summer to get access to the native app? Though Dropbox arguably remains the best-known cloud storage provider, the company faces stiff competition in the current market — and many alternatives like Google Drive already offer full M1 Mac support.
Intel chip security flaws that affect all Macs, as well as Windows and Linux machines, still exist, say security researchers – despite the chipmaker’s claims to have fixed them. Similar flaws were found and patched in ARM processors, but there is no suggestion at this stage that further issues remain in these.
The ‘fundamental design flaw’ in Intel’s CPUs came to light last year, with the security vulnerabilities dubbed Spectre and Meltdown. They would allow an attacker to view data in kernel memory, which could span anything from cached documents to passwords …
Apple and Microsoft issued patches based on Intel fixes, but security researchers say they identified additional variants of the flaws which the chipmaker took six months to patch – and further unpatched vulnerabilities remain.
The New York Times reports that the researchers have now gone public as a result of concerns that Intel was misleading people.
Last May, when Intel released a patch for a group of security vulnerabilities researchers had found in the company’s computer processors, Intel implied that all the problems were solved.
But that wasn’t entirely true, according to Dutch researchers at Vrije Universiteit Amsterdam who discovered the vulnerabilities and first reported them to the tech giant in September 2023. The software patch meant to fix the processor problem addressed only some of the issues the researchers had found […]
The public message from Intel was “everything is fixed,” said Cristiano Giuffrida, a professor of computer science at Vrije Universiteit Amsterdam and one of the researchers who reported the vulnerabilities. “And we knew that was not accurate.”
Responsible security researchers first privately disclose their findings to the companies concerned, typically allowing them six months to fix the problem before they go public. This normally works well, providing hardware and software suppliers time to create patches, while the public is informed about the need to update.
But the Dutch researchers say Intel has been abusing the process […] They said the new patch issued on Tuesday still doesn’t fix another flaw they provided Intel in May.
Intel acknowledged that the May patch did not fix everything the researchers submitted, nor does Tuesday’s fix. But they “greatly reduce” the risk of attack, said Leigh Rosenwald, a spokeswoman for the company.
The team cooperated with Intel for as long as it could, say the researchers, but eventually they decided that public disclosure was necessary, first to try to shame the company into acting, and second because details of the flaws were already beginning to leak, which would allow bad actors to create exploits.
The Dutch researchers had remained quiet for eight months about the problems they had discovered while Intel worked on the fix it released in May. Then when Intel realized the patch didn’t fix everything and asked them to remain quiet six more months, it also requested that the researchers alter a paper they had planned to present at a security conference to remove any mention of the unpatched vulnerabilities, they said. The researchers said they reluctantly agreed to comply because they didn’t want the flaws to become public knowledge without a fix.
“We had to redact the paper to cover for them so the world would not see how vulnerable things are,” said Kaveh Razavi, also a professor of computer science at Vrije Universiteit Amsterdam and part of the group that reported the vulnerabilities.
“We think it’s time to simply tell the world that even now Intel hasn’t fixed the problem,” said Herbert Bos, a colleague of Mr. Giuffrida and Mr. Razavi at Vrije Universiteit Amsterdam […]
“Anybody can weaponize [the Intel chip security flaws]. And it’s worse if you don’t actually go public, because there will be people who can use this against users who are not actually protected,” Mr. Razavi said.
The full piece on the latest chapter on the story of the Intel chip security flaws is well worth reading.
Your tech news digest, by way of the DGiT Daily tech newsletter, for Monday, 9 November 2023.
Stop press: Pfizer is saying its coronavirus vaccine trial is 90% effective. Here’s more on that stunning Pfizer-COVID19 vaccine news just being announced (NY Times)
1. Apple’s biggest launch could start the biggest tech week since… 2007?
Here’s how this week looks, as what was once private at Apple, Microsoft, and Sony, finally comes out into the open:
November 10: Apple’s biggest keynote in years. Since the …iPad in 2010? Or even the iPhone in 2007? Huge milestone keynotes, but the shift to Apple Silicon should be more than just a new MacBook with better battery life and handy processor, the absolute ground floor of expectations.
With Apple having control over its timeline, production of processors, and chipset design to get the most out of its software, it’s going to be big. The real changes might come in the years to come, but this will be the marker in the ground.
Remember: We expect three new MacBooks, including a 13-inch MacBook Air, a 13-inch MacBook Pro, and possibly a 16-inch MacBook Pro.
Ask yourself now if Apple Silicon will change the PC industry towards Arm, as it seems like Apple is ditching x64 entirely compared to the world of PC makers. The major makers are of course Windows first with some Arm-based chipsets that are only just more than experiments — we’ve seen Microsoft with its Surface Pro X and Acer’s Spin 7 as just two.
Also on the Arm-front, November 10 is the annual MediaTek Summit, which is expected to see the Arm chipmaker talk about its next Dimensity CPU, and a processor specifically for ChromeOS. Not a lot more out there on this yet. (This is about 1/100th of the other news when we look back on the history, but it still matters this week.)
To finish the week, the iPhone 12 Pro Max and iPhone 12 mini will be available in stores and arriving beginning from November 13.
2. Report: Samsung beat Apple in the US market for the first time in three years in Q3 2023, with the deck stacked a little towards Samsung. Q4 should be interesting. (Android Authority).
3. I wrote up The Weekly Authority, a new fresh newsletter on Android Authority, tackling the week that was from 10,000ft, plus a deep dive or bigger story. This week: the 5nm chipset war of 2023, which is going to be great for smartphones, and you (Android Authority).
4. On that note: Why a Snapdragon 875 Lite makes perfect sense (Android Authority).
5. OnePlus 8 Pro revisited: The good and bad six months later (Android Authority).
6. OnePlus Buds Z review: Cheaper and better than the OnePlus Buds. Wait, cheaper and better? That never happens (Android Authority).
7. Sony launches Airpeak drone business to support ‘video creators’ (Engadget).
8. Apple suspends new (read: additional) business with key supplier Pegatron after discovering violations of labor rules related to a student worker program (Bloomberg).
9. Virgin hyperloop hits an important milestone: The first human passenger test (The Verge).
10. Cory Doctorow gives an incredible breakdown of HP’s ink-jet printer corporation evil. Oh, you know ink-jet printers are bad. You didn’t know quite how bad: like HP’s very recent ‘Free Ink for Life’ deal that turned, just on 12 months later, “…into a ‘Pay us $0.99 every month for the rest of your life or your printer stops working’ plan” (EFF.org)
11. The ‘most famous paradox in physics’ nears its end: Physicists have proved that information does escape a black hole, the very thing that black holes weren’t supposed to do. So, what does that mean? (Wired).
12. Going to the Sahara Desert to count trees sounds rough. Instead, deep learning techniques identified trees from NASA’s satellite imagery, to count 1.8 billion of them (WeForum).
13. This is absolutely not 6G: “China sends ‘world’s first 6G’ test satellite into orbit” (BBC). 6G will be a standard decided by 3GPP. Which they’ll do anywhere sometime in the next 5-10 years. So whatever this is from China, with high-frequency terahertz waves (not GHz, THz) isn’t what 6G will be. It’s interesting, but not 6G. Ok, cool.
14. In honor of Alex Trebek, the nicest man on television, what is your favorite Jeopardy! moment or memory? (r/askreddit).
A new TSMC Singapore plant is being discussed, as a way to help tackle the global chip shortage. The company is said to be in discussion with the government over the potential move.
A Singapore plant would help Taiwan Semiconductor Manufacturing Company achieve another key objective, says the report …
Background
TSMC may be best known for making the A-series and M-series chips, which power Apple devices, but the company also produces many less exciting but still critical chips for things like display drivers and power management.
It is these so-called legacy chips that have been in especially short supply, and on which Apple relies as much as any other tech company. Indeed, it is mostly these shortages that led to the iPhone maker seeing greatly reduced revenue lately. CEO Tim Cook revealed that supply constraints cost Apple $6B in two quarters, and warned that the hit could be as high as $8B this quarter.
A recent report says that there have been shortages across seven chip categories, and that four of them will continue to be affected throughout 2023.
Potential TSMC Singapore plant
The WSJ reports that a TSMC Singapore plant would be geared to the older processes used to make these types of legacy chips.
For the Singapore project, TSMC is studying the feasibility of production lines that would make seven- to 28-nanometer chips, a person familiar with the plans said. These chips are based on older production technologies and are widely used in cars, smartphones and other devices.
TSMC is ramping up investment in these chips, which have caused some of the worst supply-chain bottlenecks, including for Apple Inc.
The report says that a final decision hasn’t yet been made, as ‘negotiations’ are still underway – code for the chipmaker seeking government incentives in order to build the plant.
Would meet a second objective
In addition to increasing manufacturing capacity for legacy chips, a Singapore base would help TSMC reduce its concentration of production in its home country. The pandemic has starkly demonstrated the risks involved in too much manufacturing capacity in a single country, and Taiwan is potentially at risk from a newly emboldened China.
This is likely the reason for TSMC to look toward Singapore rather than China.
TSMC has so far managed to work around lockdowns, but has still been caught up in the catch-22 of chips for chipmaking machines being one of the items in short supply.
Is in addition to Arizona plans
Another element of TSMC’s global diversification process is plans to build as many as six plants in the USA. The company first announced these plans a year ago, later saying that mass production was likely to begin in 2024.
However, it was reported earlier this year that the company had hit a number of snags, which may delay the planned start date.
A report indicates that the company is three to six months behind schedule. Nikkei Asia suggests that the company is having trouble building its plant. Labor shortage, COVID-19 infections in the US, and different types of licenses needed for construction are some of the factors making TSMC fall behind schedule.
There is currently a bullish sentiment for some cryptocurrencies across the broader blockchain industry, where Shiba Inu and Tradecurve have specifically managed to grab a lot of attention from investors and traders.
With their recent price performance, both altcoins have become appealing options, but which one can provide the most value in June of 2023? To figure this out, we will look at the recent price performance of both altcoins.
Shiba Inu Showcases Bullish Sentiment
Shiba Inu has gained prominence as a result of the growing popularity of meme-themed cryptocurrencies. When the Shiba Inu cryptocurrency originally started out, it gained a significant level of attention by being a Dogecoin competitor that saw a large level of success, and since then has expanded its ecosystem with the introduction of Puppynet, a testnet blockchain and announced the upcoming launch of Shibarium, which is a Layer-2 network.
Its recent on-chain data suggests a bullish sentiment. Specifically, as of June 21, 2023, Shiba Inu is trading hands at $0.000007424 with a market cap of $4.3B which is a rise of 3.43% in the last 24 hours. Moreover, the trading volume for Shiba Inu has also increased by 20.06% in that same period, now sitting at $116,794,610. From a technical perspective, the Shiba Inu coin is also painting a bullish picture as both its moving averages and technical indicators are showing strong buy signals.
While it’s important to note that cryptocurrency investments carry risks, the current bullish sentiment around Shiba Inu indicates growing optimism among market participants.
Tradecurve To Spike in Value Based on Analyst Prediction
Analysts are also seeing a bullish sentiment for the Tradecurve cryptocurrency and are predicting that it can climb 100x at launch.
This can be attributed to the solutions it brings to some of the most notable and serious issues that are plaguing centralized exchanges today. From mandatory KYC requirements to high fees, lack of market options, and limited accessibility, Binance, Kraken, Coinbase, and others have had a difficult time appealing to investors who want anonymity and freedom.
Moreover, they have seen a significant level of pressure from the SEC, which has been attacking some CEXs with lawsuits.
Tradecurve, on the other hand, eliminates all of these KYC requirements and enables truly free, self-custodial, borderless access to not just crypto but derivatives trading to anyone on a global scale. Alongside solving these key issues, Tradecurve innovates by implementing new features that are rarely seen on competing exchanges.
Each user gains the ability to subscribe to automated trading bots that can execute trades quicker and more efficiently than a human is able to manually. They can analyze market conditions, monitor price movements, and execute trades based on predefined strategies.
TCRV is the utility token used for governance, for getting passive income through staking, and for getting discounts on subscriptions, such as the ones for the aforementioned trading bots. The token is currently at Stage 4 of its presale, trading at $0.018, and has been selling quickly. Based on this momentum, rapid growth is expected to occur for the cryptocurrency.