Mac users, beware! Your super private incognito mode, or actually anything you might be doing that you don’t want other eyes to see, might not be that safe after all. At least if those eyes belong to other people you allow to use your Mac. A report over the weekend revealed how Apple’s computers sometimes suddenly pops up a “ghost” of a previously closed window, potentially revealing its contents. At first, it was NVIDIA‘s GPUs were theorized to be the culprit, as it is the one handling the graphics work. NVIDIA, however, says it’s Apple‘s OS X that’s at fault.
University of Toronto engineering student Evan Anderson was about to play a bout of Diablo III when the porn he was viewing early (yes, he admits to it) suddenly popped up. That website was visited under Chrome’s Incognito mode, so, in theory, the computer nor Google shouldn’t have any memory of where Anderson went online. The problem, however, wasn’t related to the browser at all but lies deeper in the computer hardware.
The graphics card of a computer is responsible for pushing pixels to display on a screen. It is normal for the hardware to have a snapshot of what’s displayed on screen. That, however, should be cleared once the scene changes. In Anderson’s case, however, a previous state of the Chrome browser screen wasn’t wiped off, allowing the operating system to reproduce it, thereby exposing the contents of what was previously displayed in the browser.
Engineering student that he is, Anderson cooked up a way to reproduce the problem. He was, for example, able to reproduce pixel for pixel a Reddit webpage that was displayed last on Chrome. It should be noted that the bug doesn’t really bring up Chrome and the website itself, just a snapshot of what the window or screen looked like before it should have been cleared. While it does make plain text available in plain view, masked text like passwords still show up as masked.
Since Anderson has gone public with the bug, which he reported to NVIDIA and Google, the graphics chip maker has made a public statement washing its hands of the error. It lays the blame, instead, on OS X’s memory management, or mismanagement in this case. It says that it simply follows the guidelines set by Apple and nothing else. It further emphasizes that it is an OS X bug since the same problem has not been reproduced on Windows. As if to support that claim, some reports say that the same bug is present in Macs with AMD cards.
It should also be noted that this exploit can really only be dangerous if you’re sharing a Mac with others, as it cannot be exploited remotely over a network, local or otherwise. Not a problem for personal property but might be an issue for families or schools. Neither Apple nor Google, whose Chrome browser is at the center of it too, have made any comments.
VIA: VentureBeat http://venturebeat.com/2016/01/13/nvidia-blames-apple-for-bug-that-exposes-porn-browsing-in-chromes-incognito-mode/