CVE-2026-49269
Received - Intake
Apple M1 GPU Register Data Leak via Metal Shader

Publication date: 2026-06-24

Last updated on: 2026-06-24

Assigner: MITRE

Description
Apple M1 GPUs retain register file data between compute shader dispatches from different processes. A sandboxed Metal attacker app can run a GPU reader shader that reads stale register values left by a separate sandboxed victim app. In the proof of concept, GPUVictim.app generates a fresh random 128-bit secret using SecRandomCopyBytes and loads it into GPU registers. GPUAttacker.app, a separate sandboxed app, recovers the exact secret from stale GPU register state. NOTE: The vendor stated that this behavior affects only legacy hardware and has already been addressed at the hardware level in current-generation Apple Silicon.
Meta Information
Published: 2026-06-24
Last Modified: 2026-06-24
Generated: 2026-06-25
AI Q&A: 2026-06-24
EPSS Evaluated: N/A
Affected Vendors & Products (1 associated CPE)
Vendor: apple
Product: m1
Version / Range: *
CWE ID: CWE-200
Description: The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.
Executive Summary

CVE-2026-49269 is a security vulnerability affecting Apple M1 GPUs where register file data is retained between compute shader dispatches from different processes. This means that a sandboxed attacker app using Metal can run a GPU reader shader to read stale register values left behind by a separate sandboxed victim app.

In a proof of concept, a victim app generated a fresh random 128-bit secret and loaded it into GPU registers. A separate attacker app was able to recover the exact secret from the stale GPU register state, demonstrating a cross-process information disclosure.

This vulnerability arises because the GPU does not properly clear register state between different sandboxed processes, allowing one app to access sensitive data from another app's GPU operations.

Impact Analysis

This vulnerability can lead to the exposure of sensitive information processed by GPU code in sandboxed applications. An attacker app can recover secrets such as application secrets, API tokens, passwords, or private user data that were handled by another app's GPU compute shaders.

Because the attacker app does not require shared files, memory, or special permissions, this flaw represents a serious breach of sandbox isolation and can compromise the confidentiality of sensitive data on affected Apple M1 systems.

Detection Guidance

This vulnerability involves residual GPU register state being accessible across sandboxed apps on Apple M1 hardware. Detection would require running or monitoring GPU compute shader dispatches from different sandboxed processes to check for leakage of stale register data.

A practical detection approach is to use a proof-of-concept style test where one sandboxed app generates a secret and loads it into GPU registers, and a separate sandboxed app attempts to read stale register values to recover that secret.

There are no specific commands provided in the available resources to detect this vulnerability directly on a system or network.

Mitigation Strategies

The vulnerability affects legacy Apple M1 hardware where GPU register data is retained between compute shader dispatches from different processes.

Immediate mitigation steps include avoiding running untrusted or sandboxed GPU compute shader code on affected legacy Apple M1 hardware.

Upgrading to current-generation Apple Silicon hardware is recommended, as the issue has been addressed at the hardware level in newer devices.

Compliance Impact

This vulnerability allows a sandboxed attacker app to recover sensitive data processed by another sandboxed app's GPU compute shader, potentially exposing application secrets, API tokens, passwords, or private user data.

Such unauthorized disclosure of sensitive or personal data could lead to non-compliance with data protection regulations and standards like GDPR and HIPAA, which require strict controls to prevent unauthorized access to personal and sensitive information.

Therefore, if exploited, this vulnerability could compromise the confidentiality requirements mandated by these regulations, potentially resulting in legal and regulatory consequences for affected organizations.
