Apple, Qualcomm, and AMD have all confirmed that they are impacted by the LeftoverLocals vulnerability. Apple has shipped fixes with its latest M3 and A17 processors, but the vulnerability is still present in millions of existing devices that depend on previous generations of Apple silicon. Qualcomm is in the process of providing security updates to its customers, and AMD plans to offer fixes for LeftoverLocals in March. Google has also released fixes for ChromeOS devices with impacted AMD and Qualcomm GPUs.
Key takeaways:
- Researchers have discovered a vulnerability in multiple brands and models of mainstream GPUs, including Apple, Qualcomm, and AMD chips, that could allow an attacker to steal large quantities of data from a GPU's memory.
- The vulnerability, called LeftoverLocals, requires some level of operating system access on a target's device and can break down data silos, potentially exposing sensitive data.
- Apple, Qualcomm, and AMD have all confirmed the vulnerability. Apple has shipped fixes with its latest M3 and A17 processors, Qualcomm is in the process of providing security updates, and AMD plans to offer fixes in March.
- Google has also released fixes for ChromeOS devices with impacted AMD and Qualcomm GPUs.