A new bug in Apple systems with Nvidia graphics cards can expose private information — but according to Nvidia, it’s not something they can fix. The issue came to light when Evan Andersen launched Diablo III on his Mac. Instead of the game’s familiar splash screen, he saw a perfect screen grab of pornography he’d been, um, reviewing at an earlier point in the day.
According to Evan, the bug occurs because “GPU memory is not erased before giving it to an application. This allows the contents of one application to leak into another. When the Chrome incognito window was closed, it’s [sic] framebuffer was added to the pool of free GPU memory, but it was not erased. When Diablo requested a framebuffer of it’s [sic] own, Nvidia offered up the one previously used by Chrome. Since it wasn’t erased, it still contained the previous contents. Since Diablo doesn’t clear the buffer itself (as it should), the old incognito window was put on the screen again.”
Andersen then wrote a program that would scan GPU memory for non-zero pixels and output the results. Doing so allowed the program to create a pixel-perfect image of a Reddit page that had been browsed on a separate account.
Despite submitting the bug two years ago, neither Google nor Nvidia has provided any kind of solution. An Nvidia spokesperson told VentureBeat: “This issue is related to memory management in the Apple OS, not NVIDIA graphics drivers. The NVIDIA driver adheres to policies set by the operating system and our driver is working as expected. We have not seen this issue on Windows, where all application-specific data is cleared before memory is released to other applications.”
Google’s apparent position is that Incognito mode isn’t meant to protect the privacy of multiple users on the same PC, despite that being one of the mode’s primary selling points. Neither Apple or Google have been willing to comment publicly on the issue. (The Google reference comes from the original bug report.)
Right now, the problem seems more embarrassing than serious, but it could theoretically be used to data mine systems. If an application can be coded to continuously cycle through and record images of the frame buffer, it could be an effective means to eavesdrop on a system or record conversations. A great deal of security work has been done on securing operating systems and guarding against CPU attacks; we don’t see nearly as much research into how GPUs can be used to spy on individuals.
It’s not clear if this issue also occurs with AMD graphics cards or not. (The link references Nvidia and states Intel doesn’t have this problem, but does not provide additional information on whether or not AMD cards have the same problem.)
Google’s PR may not have responded publicly, but the bug report discussion indicates that some folks at Chromium.org are exploring possible solutions. There’s also no word if this problem affects Safari or Firefox.
Apple’s FoundationDB open sources the database layer behind CloudKitJanuary 25, 2019