CVE-2026-49269

Name of the Vulnerable Software and Affected Versions Apple M1 GPUs (affected versions not specified)

Description Apple M1 GPUs retain register file data between compute shader dispatches from different processes. This allows a sandboxed Metal attacker application to execute a GPU reader shader to access stale register values left by a separate sandboxed victim application. In demonstrated scenarios, an attacker app can recover secrets, such as 128-bit random values generated by SecRandomCopyBytes(), from the stale GPU register state.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.