A safety flaw affecting GPUs from 4 {hardware} producers that uncovered synthetic intelligence (AI) information was unearthed by safety researchers. The difficulty impacts a number of gadgets geared up with GPUs from these corporations, together with some iPhone, iPad, and Mac computer systems. Hackers can exfiltrate private data being utilized in AI operations on the native reminiscence of affected gadgets — together with massive language fashions (LLMs) utilized by companies like Google, Meta, ChatGPT maker OpenAI, and Microsoft utilizing a couple of strains of code, in keeping with researchers.
Researchers at Path of Bits uncovered a safety flaw affecting GPUs from AMD, Apple, Creativeness, and Qualcomm that has been dubbed LeftoverLocals. This vulnerability is expounded to the affected gadget’s GPU and permits hackers to entry data through native reminiscence created by one other course of. Arm, Intel, and Nvidia GPUs are reportedly unaffected by the identical safety flaw.
In an in depth disclosure revealed earlier this week, the researchers spotlight how the safety flaw impacts LLMs and machine studying (ML) fashions which might be run on impacted gadgets. They have been in a position to construct a proof of idea (PoC) of the assault that allowed them to entry data from one other person’s LLM session that was being run in a special course of.
An illustration of an attacker listening in on an interactive LLM chat session
Photograph Credit score: Screenshot/ Path of Bits
By working a couple of strains of code, a hacker can use the LeftoverLocals safety flaw to reconstruct the LLM response in an interactive session “with excessive precision”, in keeping with the researchers. The flaw was found by Tyler Sorensen and is being tracked by CVE-2023-4969.
The researchers state that they reached out to Apple and acquired a response on January 13, whereas the corporate has patched some gadgets with the A17 Professional — that powers the iPhone 15 Professional and 15 Professional Max — and M3 chip sequence, however different gadgets haven’t been patched, such because the M2-powered MacBook Air.
In the meantime, AMD has acknowledged continues to be exploring methods to mitigate the safety vulnerability and Qualcomm has issued a patch with its v2.07 firmware that fixes the flaw on some gadgets, whereas others may nonetheless stay impacted. Affected Creativeness GPUs have been patched final month as a part of the latest DDK 23.3 launch, in keeping with the researchers.
