cua cà mau cua tươi sống cua cà mau bao nhiêu 1kg giá cua hôm nay giá cua cà mau hôm nay cua thịt cà mau cua biển cua biển cà mau cách luộc cua cà mau cua gạch cua gạch cà mau vựa cua cà mau lẩu cua cà mau giá cua thịt cà mau hôm nay giá cua gạch cà mau giá cua gạch cách hấp cua cà mau cua cốm cà mau cua hấp mua cua cà mau cua ca mau ban cua ca mau cua cà mau giá rẻ cua biển tươi cuaganic cua cua thịt cà mau cua gạch cà mau cua cà mau gần đây hải sản cà mau cua gạch son cua đầy gạch giá rẻ các loại cua ở việt nam các loại cua biển ở việt nam cua ngon cua giá rẻ cua gia re crab farming crab farming cua cà mau cua cà mau cua tươi sống cua tươi sống cua cà mau bao nhiêu 1kg giá cua hôm nay giá cua cà mau hôm nay cua thịt cà mau cua biển cua biển cà mau cách luộc cua cà mau cua gạch cua gạch cà mau vựa cua cà mau lẩu cua cà mau giá cua thịt cà mau hôm nay giá cua gạch cà mau giá cua gạch cách hấp cua cà mau cua cốm cà mau cua hấp mua cua cà mau cua ca mau ban cua ca mau cua cà mau giá rẻ cua biển tươi cuaganic cua cua thịt cà mau cua gạch cà mau cua cà mau gần đây hải sản cà mau cua gạch son cua đầy gạch giá rẻ các loại cua ở việt nam các loại cua biển ở việt nam cua ngon cua giá rẻ cua gia re crab farming crab farming cua cà mau
Skip to main content

AMD and Apple face a dangerous new security flaw

A preview of the LeftoverLocals vulnerability using llama LLM.
Trail of Bits

Researchers from cybersecurity firm Trail of Bits just found a vulnerability that affects some of the biggest brands in tech, namely Apple, AMD, and Qualcomm. The vulnerability, dubbed LeftoverLocals, affects graphics cards made by those companies. That makes it pretty widespread, with it affecting devices ranging from PCs and servers to tablets and smartphones. This flaw, if exploited, could allow attackers to access and steal data from vulnerable devices.

Normally, when working in a shared environment — such as a workstation or a cloud computing infrastructure — each user only has access to their own data and resources, even when working on the same hardware. However, LeftoverLocals bypasses these security measures and uses GPU memory to let potential attackers steal data from the other users on that same hardware.

Recommended Videos

Trail of Bits used Llama.cpp, a large language model (LLM), to show how the vulnerability allows an attacker to accurately and swiftly receive data from the system by stealing it from the graphics memory. In this proof of concept, the attacker was able to receive the contents of an LLM query with high accuracy.

It’s hard to say just how widespread this vulnerability is, but Trail of Bits tested 11 GPUs across many different devices. The affected GPUs include AMD’s recently discounted RX 7900 XT, but also graphics in Apple’s MacBook Air (M2) and the 3rd-gen iPad Air based on the A12 chip.

As mentioned, this vulnerability is only said to affect shared devices, so if you’re running a home PC connected to your own personal network, you most likely have nothing to worry about — but cloud computing environments can be affected, too, and that’s where the biggest danger lies for many users.

“An attack program must be co-resident on the same machine and must be “listening” at the same time that the victim is running a sensitive application on the GPU. This could occur in many scenarios: for example, if the attack program is co-resident with the victim on a shared cloud computer with a GPU,” said the researchers in their blog post.

RX 7900 XTX and RX 7900 XT on a pink background.
Jacob Roach / Digital Trends

The researchers have alerted the affected companies, some of which have already responded. It seems that Nvidia, Arm, and Imagination GPUs are not currently affected. Apple appears to have patched the vulnerability on some of its devices, but, as the researchers note, it’s still present on the MacBook Air.

AMD released an update regarding the vulnerability, first shared by Tom’s Hardware, featuring a full list of products that are impacted. It’s one lengthy list, including CPUs going as far back as the Ryzen 3000 and all the way up to AMD’s latest and greatest CPUs, like the Ryzen 7000 series for desktops and the Ryzen 7045 lineup for laptops. GPUs include the RX 5000 series, RX 6000 series, RX 7000 series, and a whole lot of workstation cards, as well as data center graphics. AMD is planning to roll out mitigation options starting in March 2024, but they will not be mandatory and will need to be enabled manually.

LeftoverLocals sounds pretty scary, but fortunately, the impact on home users shouldn’t be massive. Still, if you’re among those who might be affected, it’s a good idea to enable the fix once AMD rolls it out in March. For other vendors, it seems that all we can do is just wait for a patch.

Monica J. White
Monica is a computing writer at Digital Trends, focusing on PC hardware. Since joining the team in 2021, Monica has written…
Security or performance? With this AMD vulnerability, you can’t have both
Render of an AMD Ryzen chip.

Recently, a cybersecurity researcher discovered a dangerous vulnerability within AMD's Zen 2 processors. Dubbed "Zenbleed," the vulnerability allows attackers to gain access to your computer and steal all of the most sensitive information, including passwords and encryption keys. While this doesn't affect AMD's best processors, it's still a dangerous vulnerability with a wide reach, as it's present in all Zen 2 CPUs, including consumer chips and data center EPYC processors. AMD has a fix on the way, but it might come at a price.

The bug was first spotted by Tavis Ormandy, a researcher working with Google Information Security, who made it public at the end of July. Since then, the researcher has also released a proof of concept code that shows how it works. This, while useful, might help attackers exploit this vulnerability until AMD comes up with a fix.

Read more
AMD Ryzen Master has a bug that can let someone take full control of your PC
A hand holding AMD's Ryzen 9 7950X3D processor.

AMD has just revealed that it spotted a new vulnerability in its Ryzen Master software. The bug sounds pretty dangerous -- it could potentially allow an attacker to take full control of your PC.

Here's everything we know about the vulnerability and the steps you need to take to secure your computer.

Read more
This Wi-Fi security flaw could let drones track devices through walls
Professor Ali Abedi flying Wi-Peep standing against brick wall.

A research team from the University of Waterloo has attached a device to a drone that can use vulnerabilities in Wi-Fi networks to see through walls.

Imagine intruders being able to track people by the devices they have on them or find weak spots in their homes. This alarming possibility has been proven by a device called Wi-Peep, which is essentially $20 of easily-purchasable hardware, an off-the-shelf quadcopter, and the work of Dr. Ali Abedi and his team at the University of Waterloo.

Read more