MacBook Users in Trouble after Apple Confirmed a GPU Vulnerability

Usama AnjumLast Updated: Jan 22, 2024

Macbook users are at risk of a new GPU vulnerability, the Silicon Valley giant Apple confirmed recently. The company said that a new GPU vulnerability can be found in the M2 MacBook Air and could be present in other Apple devices. The vulnerability entitled ‘LeftoverLocals’ has been discovered in GPUs manufactured by Apple, Qualcomm, AMD, and Imagination. The vulnerability, when exploited, allows attackers to read data left over from GPU processing. Apple has responded by confirming that the vulnerability affects M2-powered MacBook Air and iPhone 12 models, although the most recent M3 and A17 processors ship with fixes for the LeftoverLocals attack.

Qualcomm also released a firmware patch, enabling its users to apply the patch as soon as possible. On the other hand, AMD is working on its fix, which is anticipated in March.

The technique hackers use to exploit GPU vulnerability is as follows:

“LeftoverLocals impacts the security posture of GPU applications as a whole, with particular significance to LLMs and ML models run on impacted GPU platforms. By recovering local memory—an optimized GPU memory region—we built a PoC where an attacker can listen into another user’s interactive LLM session (e.g., llama.cpp) across process or container boundaries.”

It is pertinent to mention here that the vulnerability is not present in Apple’s M3 processors. They were introduced late in 2024 with three new models of the MacBook Pro. Crucially, Apple decided not to roll out a consumer-focused MacBook Air in parallel but to focus its inventory on the iPhone 15 Pro and 15 Pro Max.