To exploit the LeftoverLocals vulnerability, an attacker must already have access to the operating system on the target device. Once exploited, the attacker can read data from the local memory allocated to the GPU that they would otherwise not have access to.
The LeftoverLocals vulnerability has been found in GPUs from many major manufacturers.
The study's authors demonstrated how the attack works: they ran a LLaMA large language model with 7 billion parameters on an AMD Radeon RX 7900 XT GPU, asked the AI questions, and "listened" to the answers through the leaked local memory. The data recovered almost perfectly matched the system's actual response. Even more concerning, the attack required fewer than ten lines of code.
Trail of Bits stated that last summer, they tested 11 chips from 7 GPU manufacturers in various software environments. The LeftoverLocals vulnerability was found in AMD, Apple, and Qualcomm GPUs, but it was not possible to determine whether it existed for Nvidia, Intel, or ARM GPUs.
An Apple spokesperson acknowledged the issue and stated that the vulnerability has been fixed for the M3 and A17 chips, meaning earlier models remain susceptible. Meanwhile, Qualcomm reported it is in the process of distributing security updates to its customers. AMD stated that a software update will be released in March to "selectively mitigate" the LeftoverLocals vulnerability. Google also reported it has released a ChromeOS update for devices running AMD and Qualcomm chips.
However, Trail of Bits warns that these software updates may not easily reach end users. Chip manufacturers release new firmware versions, PC and component manufacturers incorporate them into their own software releases, and only then are they delivered to the owners of the devices. With the large number of participants in the global market, coordinating the actions of all parties is not easy. While LeftoverLocals requires some level of access to the target device to work, modern attacks chain several vulnerabilities together, meaning attackers can fully exploit it by combining methods.