This site may earn affiliate commissions from the links on this folio. Terms of employ.

Nvidia GeForce GK106 GPU Core

A new bug in Apple systems with Nvidia graphics cards tin expose private information — but according to Nvidia, information technology's not something they can fix. The issue came to light when Evan Andersen launched Diablo Three on his Mac. Instead of the game's familiar splash screen, he saw a perfect screen grab of pornography he'd been, um, reviewing at an earlier point in the day.

CDBOWiH

According to Evan, the bug occurs because "GPU retentivity is not erased before giving it to an application. This allows the contents of one application to leak into another. When the Chrome incognito window was closed, information technology's [sic] framebuffer was added to the pool of costless GPU retentivity, but information technology was not erased. When Diablo requested a framebuffer of it'southward [sic] own, Nvidia offered up the one previously used past Chrome. Since it wasn't erased, it still independent the previous contents. Since Diablo doesn't clear the buffer itself (as it should), the former incognito window was put on the screen again."

Andersen and then wrote a plan that would scan GPU memory for not-zero pixels and output the results. Doing so allowed the plan to create a pixel-perfect image of a Reddit page that had been browsed on a dissever account.

F8yYr6N

Despite submitting the bug two years ago, neither Google nor Nvidia has provided any kind of solution. An Nvidia spokesperson told VentureBeat: "This issue is related to memory management in the Apple Os, not NVIDIA graphics drivers. The NVIDIA commuter adheres to policies set by the operating organization and our driver is working as expected. We have non seen this upshot on Windows, where all application-specific information is cleared before memory is released to other applications."

Google's apparent position is that Incognito mode isn't meant to protect the privacy of multiple users on the aforementioned PC, despite that being one of the mode's primary selling points. Neither Apple or Google have been willing to annotate publicly on the issue. (The Google reference comes from the original bug report.)

Correct now, the problem seems more than embarrassing than serious, merely information technology could theoretically exist used to data mine systems. If an application tin can be coded to continuously cycle through and tape images of the frame buffer, information technology could be an effective means to eavesdrop on a arrangement or record conversations. A smashing deal of security work has been done on securing operating systems and guarding against CPU attacks; we don't see nearly as much research into how GPUs can be used to spy on individuals.

It's not clear if this consequence also occurs with AMD graphics cards or not. (The link references Nvidia and states Intel doesn't have this trouble, merely does non provide additional information on whether or not AMD cards have the same trouble.)

Google's PR may not accept responded publicly, but the bug report discussion indicates that some folks at Chromium.org are exploring possible solutions. There's too no word if this problem affects Safari or Firefox.