Apple admits security flaw in GPUs, hides it for 4 years before fixing it
According to Trail of Bits reports, Apple hid a fatal vulnerability in the iPhone 12 and other devices, and they fixed it only after 4 years.
A security vulnerability called "LeftoverLocals" allows an attacker to access data that has already been processed in the device's GPU, and Apple later admitted that the iPhone 12 and M2 MacBook Air were affected.
The vulnerability exploits residual data that has not been cleared from the GPU, allowing an attacker with local access to the device to read the data. The researchers demonstrated the attack process, successfully reading the contents of a conversation with the AI chatbot ChatGPT.
The researchers said, "Some of these devices appear to have been patched, namely the Apple iPad Air 3 (A12). However, the Apple MacBook Air (M2) still seems to have the issue.
Also, the recently released Apple iPhone 15 doesn't seem to be affected as much as previous versions.
For now, the best way for users with vulnerable devices to protect themselves is to never allow third parties to access their devices. Users should also always install the latest security updates provided by Apple.