CVE-2026-49269

Apple M1 GPUs expose a cross-process register state leakage: a sandboxed Metal attacker can read stale values from another sandboxed process’s compute shader dispatches, potentially recovering a 128-bit secret that was loaded into GPU registers. In proof-of-concept, a victim app writes a fresh se...

CVE-2026-49269

Apple M1 GPUs retain register file data between compute shader dispatches from different processes. A sandboxed Metal attacker app can run a GPU reader shader that reads stale register values left by a separate sandboxed victim app. In the proof of concept, GPUVictim.app generates a fresh random...

CVE-2024-40927

In the Linux kernel, the following vulnerability has been resolved: xhci: Handle TD clearing for multiple streams case When multiple streams are in use, multiple TDs might be in flight when an endpoint is stopped. We need to issue a Set TR Dequeue Pointer for each, to ensure everything is reset...

New macOS malware steals sensitive info, including a user's entire Keychain database

A new macOS malware--called MacStealer--that is capable of stealing various files, cryptocurrency wallets, and details stored in specific browsers like Firefox, Chrome, and Brave, was discovered by security researchers from Uptycs, a cybersecurity company specializing in cloud security. It can al...

The vulnerability of the Data Memory-Dependent Prefetcher (DMP) mechanism in Apple M1 and A14 processors allows a hacker to gain unauthorized access to protected information.

The vulnerability of the Data Memory-Dependent Prefetcher DMP mechanism in Apple M1 and A14 processors is related to pointer swapping errors. Exploiting this vulnerability can allow an attacker to gain unauthorized access to protected information...

M1 Chip Vulnerability

This is a new vulnerability against Apples M1 chip. Researchers say that it is unpatchable. Researchers from MIT’s Computer Science and Artificial Intelligence Laboratory, however, have created a novel hardware attack, which combines memory corruption and speculative execution attacks to sidestep...

Don’t panic! “Unpatchable” Mac vulnerability discovered

Researchers at MITs Computer Science & Artificial Intelligence Lab CSAIL found an attack surface in a hardware-level security mechanism utilized in Apple M1 chips. The flaw is unpatchable, but attackers would need to chain it with other vulnerabilities to make use of the attack method. The hardwa...

MIT Researchers Discover New Flaw in Apple M1 CPUs That Can't Be Patched

A novel hardware attack dubbed PACMAN has been demonstrated against Apple's M1 processor chipsets, potentially arming a malicious actor with the capability to gain arbitrary code execution on macOS systems. It leverages "speculative execution attacks to bypass an important memory protection...

Building Native Images with GraalVM and Spring Native on Apple's M1 Architecture

It finally happened! They did it! They did it just in time for me to get on the road and start building applications on the road with my shiny new laptop, too! JOY!! Oracle and the GraalVM team released GraalVM and the GraalVM native image capability for Apple M1! Ive been waiting for this day fo...

Kali Linux 2021.4 released with Samba compatibility, Apple M1 support, 9 new tools

By Waqas The release of the new Kali Linux 2021.4 has been grabbing headlines for the array of new capabilities and tools embedded with it. This is a post from HackRead.com Read the original post: Kali Linux 2021.4 released with Samba compatibility, Apple M1 support, 9 new tools...

Security Vulnerability in Apple’s Silicon “M1” Chip

The website for the M1racles security vulnerability is an excellent demonstration that not all vulnerabilities are exploitable. Be sure to read the FAQ through to the end. EDITED TO ADD: Wired article...

Malware That Spreads Via Xcode Projects Now Targeting Apple's M1-based Macs

A Mac malware campaign targeting Xcode developers has been retooled to add support for Apple's new M1 chips and expand its features to steal confidential information from cryptocurrency apps. XCSSET came into the spotlight in August 2020 after it was found to spread via modified Xcode IDE project...

Exploiting Spectre Over the Internet

Google has demonstrated exploiting the Spectre CPU attack remotely over the web: Today, were sharing proof-of-concept PoC code that confirms the practicality of Spectre exploits against JavaScript engines. We use Google Chrome to demonstrate our attack, but these issues are not specific to Chrome...

A week in security (February 15 – February 21)

Last week on Malwarebytes Labs, the spotlight fell on the State of Malware 2021 report, wherein we have seen cyberthreats evolve. We also touched on ransomware, such as Egregor and a tactic known as Remote Desktop Protocol RDP brute forcing that has long been part of the ransomware operators...

Hackers Targeting Apple’s M1 Chip with Mac Malware

By Waqas Ex-NSA researcher has discovered malware that is equipped with anti-analysis capabilities and designed to specifically target Apple's new chip. This is a post from HackRead.com Read the original post: Hackers Targeting Apples M1 Chip with Mac Malware...

First Malware Designed for Apple M1 Chip Discovered in the Wild

One of the first malware samples tailored to run natively on Apple's M1 chips has been discovered, suggesting a new development that indicates that bad actors have begun adapting malicious software to target the company's latest generation of Macs powered by its own processors. While the transiti...

Stable Channel Update for Desktop

The Chrome team is delighted to announce the promotion of Chrome 87 to the Stable channel 87.0.4280.66 for Windows and Linux, 87.0.4280.67 for Mac. This will roll out over the coming days/weeks. Chrome 87.0.4280.66/67 contains native support for Apple M1 devices and a number of fixes and...