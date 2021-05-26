



Asahi Linux developer Hector Martin has uncovered a covert-channel vulnerability in the Apple M1 chip, which he named M1RACLES, and in the process gently mocked the way security flaws are now disclosed to the public.

Martin’s M1RACLES executive summary sounds disastrous: “A flaw in the design of the Apple Silicon M1 chip allows any two applications running under an OS to covertly exchange data between them, without using memory, sockets, files, or any other normal operating system features. [...] This works between processes running as different users and at different privilege levels, creating a covert channel for surreptitious data exchange. [...] This vulnerability is baked into Apple Silicon chips, and cannot be fixed without a new silicon revision.” (Emphasis his.)

He also said this was the result of a deliberate decision on Apple’s part. “Basically, Apple decided to break the ARM spec by removing a mandatory feature, because they didn’t think they would ever need to use that feature for macOS,” he explained. As it turns out, removing that feature makes it much harder for existing operating systems to mitigate this vulnerability, so Apple will need to make a silicon-level change in a successor to the M1 to mitigate the flaw.

But he also made clear in the FAQ that Mac owners shouldn’t be particularly worried about M1RACLES. The covert channel is only 2 bits wide. It can be scaled up, and Martin said transfer rates of more than 1 MB/s are possible with little optimization, but malicious apps that could take advantage of such a method are far more likely to share information over other, much easier channels. Calling this a 2-bit vulnerability would be both technically and linguistically correct: it’s a real security flaw, but it’s unlikely to pose a real threat to Apple’s customers.
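The two claims in the paragraph above, a channel only 2 bits wide yet scalable to more than 1 MB/s, are easier to reason about with a small simulation. The following is an added example and is not code from Martin, Asahi Linux, or the M1RACLES write-up. It stands a plain Python variable in for the shared 2-bit register (it never touches hardware), and the framing it uses (one bit as a clock, one as a data bit) is an assumption chosen for illustration, not the scheme the write-up describes. What it shows is the defender-relevant point: the width of a covert channel is not its capacity, because a receiver that polls faster than the sender writes still recovers the stream cleanly, and throughput is set by the write rate, not by the 2-bit width.

```python
"""Simulated 2-bit covert channel: one clock bit plus one data bit.

The sender toggles the clock bit on every write and places one payload
bit in the data bit.  The receiver samples the "register" (here a list
of observed values) and accepts a data bit only on a clock transition,
so duplicate samples from oversampling are ignored.  This is an
illustrative model, not the real M1RACLES register or protocol.
"""

CLOCK_BIT = 0b10  # toggles on every sender write
DATA_BIT = 0b01   # carries one payload bit per write


def encode_bits(payload: bytes) -> list[int]:
    """Turn a byte string into the sequence of 2-bit values the sender writes.

    Bits are sent most-significant first; the clock bit alternates so the
    receiver can tell consecutive writes apart even when the data bit repeats.
    """
    writes = []
    clock = 0
    for byte in payload:
        for shift in range(7, -1, -1):
            clock ^= 1
            bit = (byte >> shift) & 1
            writes.append((clock << 1) | bit)
    return writes


def simulate_polling(writes: list[int], oversample: int = 3) -> list[int]:
    """Model a receiver that reads the register `oversample` times per sender write.

    In reality the two sides are not synchronized; the duplicates produced
    here are what a faster-polling receiver would observe.
    """
    samples = []
    for value in writes:
        samples.extend([value] * oversample)
    return samples


def decode_samples(samples: list[int], initial_clock: int = 0) -> bytes:
    """Recover the payload from raw samples by accepting a bit on each clock edge."""
    last_clock = initial_clock
    bits = []
    for sample in samples:
        clock = (sample & CLOCK_BIT) >> 1
        if clock != last_clock:          # a new write landed: take its data bit
            last_clock = clock
            bits.append(sample & DATA_BIT)
    out = bytearray()
    # Only whole bytes are emitted; a trailing partial byte is dropped.
    for start in range(0, len(bits) - len(bits) % 8, 8):
        byte = 0
        for bit in bits[start:start + 8]:
            byte = (byte << 1) | bit
        out.append(byte)
    return bytes(out)


def throughput_bytes_per_second(writes_per_second: float) -> float:
    """Channel capacity for this framing: one payload bit per write."""
    return writes_per_second / 8


if __name__ == "__main__":
    # Constructed sample payload for the demonstration.
    message = b"2-bit channel, full message"
    observed = simulate_polling(encode_bits(message), oversample=5)
    recovered = decode_samples(observed)
    print("recovered intact:", recovered == message)
    # With one payload bit per write, 8 million writes/s is 1 MB/s.
    print("bytes/s at 8e6 writes/s:", throughput_bytes_per_second(8_000_000))
```

The framing costs half the register for the clock, so a smarter scheme can do better, but even this naive one reaches the 1 MB/s figure quoted above at 8 million writes per second, which is why "2 bits" says nothing about how much data the channel can move.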

So why bother to come up with a catchy name, create a logo, and launch a website in the first place? Martin covered that in the FAQ too: “Poking fun at how ridiculous infosec clickbait vulnerability reporting has become lately. Just because something has a flashy website or makes the news doesn’t mean you need to worry about it,” he writes. “Congratulations on reading this far! You’re one of the rare people who doesn’t just retweet based on the page title 🙂 [...] Honestly, I just wanted to play Bad Apple!! over an M1 vulnerability. You have to admit it’s kind of cool.”

It has become more and more common for vulnerability disclosures to include all the elements Martin is parodying with M1RACLES. Nobody remembers CVE identifiers; they remember names like Heartbleed, Meltdown, and Spectre. Researchers didn’t simply say there were problems with drivers from Intel, Nvidia, AMD, and many other companies; they called their report Screwed Drivers. Early malware targeting the M1 wasn’t just called M1_Malware_1; it was called Silver Sparrow. Honestly, it’s surprising that researchers haven’t started selling T-shirts alongside their reports.

M1RACLES means that the catchy name, logo, and website, created ironically, have become a kind of effective meta-branding in their own right, but at least it’s all done with tongue firmly in cheek. More details about the flaw should appear in MITRE’s listing for CVE-2021-30747 at some point in the future. Martin’s effort to bring Linux to the M1 via Asahi Linux, whose m1n1 Apple Silicon experimentation playground was used to discover this flaw, can also be followed on the project’s website.

