CVE-2026-49269
Apple · M1 GPU
Apple M1 GPUs fail to clear register file data between compute shader dispatches, potentially allowing data leakage between processes.
Executive summary
A critical information disclosure vulnerability in Apple M1 GPUs allows for cross-process data leakage, posing a significant risk to data confidentiality.
Vulnerability
This vulnerability is an isolation failure: register file data is retained between compute shader dispatches. Because the GPU does not clear this data, a malicious process can potentially read sensitive information left behind by a different, unrelated process.
Business impact
The retention of register data creates a high risk of sensitive information exposure, including cryptographic keys or private user data processed by the GPU. With a CVSS score of 8.6, this flaw is a significant threat to multi-tenant environments and to systems where untrusted code may be executed, and it can lead to unauthorized data access and severe reputational damage.
Remediation
Immediate Action: Apply all relevant security updates provided by Apple as soon as they become available.
Proactive Monitoring: Monitor system logs for unusual GPU-related errors or performance anomalies that may indicate unauthorized shader execution.
Compensating Controls: Restrict the execution of untrusted or third-party compute shaders in environments where data isolation is critical.
Exploitation status
Public Exploit Available: false
Analyst recommendation
The severity of this vulnerability necessitates immediate attention to prevent potential cross-process memory exposure. Administrators should prioritize the deployment of Apple's security patches across all affected M1-based hardware to ensure proper register clearing and data isolation.