CVE-2026-49269
HighCVSS 8.6Exploitation Probability (EPSS)
Low risk22th percentile — higher than 22% of all known CVEs
Summary
Apple M1 GPUs retain register file data between compute shader dispatches from different processes. A sandboxed attacker app can read stale register values left by a separate sandboxed victim app.
Risk Assessment
An attacker can recover sensitive data, such as secret keys, from GPU memory, potentially leading to serious security breaches.
Recommendation
It is recommended to upgrade to newer generation Apple Silicon hardware that is not affected by this vulnerability. Additionally, monitor GPU-using applications for potential attacks.
Original NVD description (English source)
Apple M1 GPUs retain register file data between compute shader dispatches from different processes. A sandboxed Metal attacker app can run a GPU reader shader that reads stale register values left by a separate sandboxed victim app. In the proof of concept, GPUVictim.app generates a fresh random 128-bit secret using SecRandomCopyBytes and loads it into GPU registers. GPUAttacker.app, a separate sandboxed app, recovers the exact secret from stale GPU register state. NOTE: The vendor stated that this behavior affects only legacy hardware and has already been addressed at the hardware level in current-generation Apple Silicon.

