Major Security Flaw in Apple, AMD, and Qualcomm GPUs Discovered

Vulnerability allows data theft in shared environments, with mitigation options expected in March 2024

Researchers from cybersecurity firm Trail of Bits discovered a vulnerability, dubbed LeftoverLocals, that affects graphics cards made by Apple, AMD, and Qualcomm. The flaw allows potential attackers to steal data from other users on the same hardware.
The vulnerability is particularly dangerous in shared environments such as workstations or cloud computing infrastructures, where it can bypass security measures and access GPU memory.
Trail of Bits tested 11 GPUs across various devices, including AMD's RX 7900 XT, Apple's MacBook Air (M2), and the 3rd-gen iPad Air based on the A12 chip.
Affected companies have been alerted. Apple has patched the vulnerability on some devices, but it remains present on the MacBook Air. AMD plans to roll out mitigation options starting in March 2024.
The vulnerability does not seem to affect Nvidia, Arm, and Imagination GPUs. The impact on home users is expected to be minimal.