A team of researchers with the University of Illinois Urbana-Champaign, Tel Aviv University, and the University of Washington have demonstrated a world-first Data Memory-Dependent Prefetcher (DMP) vulnerability, dubbed "Augury," that's exclusive to Apple Silicon.
If exploited, the vulnerability could allow attackers to siphon off "at rest" data, meaning the data doesn't even need to be accessed by the processing cores to be exposed.
Augury only exists because of Apple Silicon's DMP feature. This prefetcher aims to improve system performance by inspecting the contents of memory, not just the addresses being accessed, and pre-fetching data before it's needed.
Usually, memory access is limited and compartmentalised to increase system security, but Apple's DMP can overshoot the set of pointers the program is actually using, allowing it to access and attempt a prefetch of unrelated memory addresses up to its prefetch depth.
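To make the overshoot concrete, here is an added toy model in C. It is not Apple's design and not the researchers' code; it only simulates the behaviour described above: a prefetcher that walks the memory the core is reading, treats any word that looks like a pointer as one, and keeps going a fixed number of words past the last address the program actually asked for. The memory layout, the `PREFETCH_DEPTH`-style parameter and the "arena" are all constructed for the illustration, and the defender-side check simply counts how many prefetched targets lie outside the data the program intended to touch.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

#define MAX_LOG 64

/* Record of which addresses the toy prefetcher decided to fetch. */
typedef struct {
    uintptr_t target[MAX_LOG];
    size_t count;
} prefetch_log_t;

/* Toy DMP (constructed model, not Apple's hardware): scan the words the
 * core is reading plus `depth` words beyond the last one it asked for.
 * Any word whose value lies inside the process memory range [lo, hi) is
 * treated as a pointer and its target is "prefetched" (recorded here),
 * whether or not the program ever meant it as a pointer. */
static void model_dmp(const uintptr_t *words, size_t program_reads, size_t depth,
                      uintptr_t lo, uintptr_t hi, prefetch_log_t *log)
{
    log->count = 0;
    for (size_t i = 0; i < program_reads + depth && log->count < MAX_LOG; i++) {
        uintptr_t v = words[i];
        if (v >= lo && v < hi)
            log->target[log->count++] = v;
    }
}

/* Defender's check: how many prefetched targets fall outside the data the
 * program actually intended to touch, [want_lo, want_hi)? Anything counted
 * here was pulled toward the cache without the core ever requesting it. */
static size_t count_overshoot(const prefetch_log_t *log,
                              uintptr_t want_lo, uintptr_t want_hi)
{
    size_t n = 0;
    for (size_t i = 0; i < log->count; i++)
        if (log->target[i] < want_lo || log->target[i] >= want_hi)
            n++;
    return n;
}

/* Constructed memory region standing in for a process's heap (8-byte words). */
static uintptr_t arena[512];

/* Build the scenario for a given prefetch depth. Returns the number of
 * overshoot prefetches; *total receives the number of prefetches overall. */
size_t run_scenario(size_t depth, size_t *total)
{
    uintptr_t *words       = arena;        /* program's pointer array at offset 0 */
    uintptr_t *public_data = arena + 128;  /* the data the program really reads */
    uintptr_t *unrelated   = arena + 256;  /* never accessed by the program */

    /* The program's 4 pointers, each pointing into public_data. */
    for (size_t i = 0; i < 4; i++)
        words[i] = (uintptr_t)&public_data[i];
    /* Right after them sits an unrelated object whose words happen to look
     * like pointers into `unrelated`. The program never dereferences them. */
    for (size_t i = 4; i < 8; i++)
        words[i] = (uintptr_t)&unrelated[i];

    prefetch_log_t log;
    uintptr_t lo = (uintptr_t)arena, hi = (uintptr_t)(arena + 512);
    model_dmp(words, 4, depth, lo, hi, &log);   /* core reads 4 words */
    *total = log.count;
    return count_overshoot(&log, (uintptr_t)public_data,
                           (uintptr_t)(public_data + 128));
}

int main(void)
{
    for (size_t depth = 0; depth <= 4; depth += 2) {
        size_t total;
        size_t over = run_scenario(depth, &total);
        printf("depth %zu: %zu prefetches, %zu outside the program's working set\n",
               depth, total, over);
    }
    return 0;
}
```

With depth 0 the model behaves like a prefetcher that only follows pointers the program itself loads, and nothing outside the working set is touched; as the depth grows, each extra word that merely resembles a pointer drags in memory the program never asked for, which is the property the Augury write-up builds on.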
If you feel your mind grasping at a certain familiarity with this, it's likely because the infamous Spectre/Meltdown vulnerabilities also try to speculate what data will be required by the system before it's even requested (hence the term speculative execution).
But while Spectre and Meltdown are only capable of leaking in-use data, Apple's DMP can potentially leak the entire memory content even if it's not being actively accessed, meaning that Apple’s chip teams managed to outshine Intel in the cock-up department.
To make things even better, Apple's DMP renders void some of the already-engineered fixes for speculative execution vulnerabilities, meaning that Jobs’ Mob will have to go back to the drawing board to figure out a solution.
Apple is apparently aware of the discoveries, but no mitigations have been announced. We guess that is because they would slow its chips down while it is frantically telling the world+dog that its chips are much faster than anyone else’s. While Intel and AMD have had to throttle their chips over Spectre-like bugs, Apple can effectively get away with it.