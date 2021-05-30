



The vulnerability could allow two malicious apps to send information to each other on an Apple Silicon Mac.

Security researchers have discovered that the Apple Silicon M1 chip is flawed and can create secret channels that multiple malicious apps can use to send information to each other.

This can be done “without using computer memory, sockets, files, or other operating system features”. Ars Technica cites and reports on the work of developer Hector Martin. This could reportedly be used to allow malicious apps that need to be already installed to pass information undetected.

M1racles vulnerabilities

Martin calls the bug M1racles. It allegedly complies with the definition of computer vulnerabilities. Its official name is CVE-2021-30747.

Fortunately, Apple probably doesn’t want the M1 Mac’s security issues, but this particular vulnerability is considered “mainly harmless.” This is because it cannot be used to infect your Mac with malware or steal or tamper with the data stored on your Mac. Nonetheless, in a blog post describing the vulnerability, Martin said:

It violates the OS security model. You cannot secretly send data from one process to another. Also, in this case, even if it is harmless, it cannot be written to random CPU system registers from user space.

According to Martin, this flaw is due to the per-cluster system registers of ARM CPUs, including ARM-based Apple silicon processors. It can be accessed from EL0, the mode retained for user applications, and has limited system privileges.

The report continues as follows: “The register contains two bits that can be read or written, which creates a hidden channel because it can be accessed simultaneously by all cores in the cluster.” This slightly optimized approach , It has been reported that it can be used to achieve transfer rates in excess of 1MB per second.

Apparently, this vulnerability cannot be patched using wireless software updates. This is how Apple usually resolves bugs and other vulnerabilities.

Apple did not respond to the report and said it would fix the flaw in a future version of the acclaimed M-series chip. Apple seems to be already developing the next-generation Apple Silicon M2 chip. It may appear later this year.

Probably harmless

As mentioned earlier, this is not a flaw that the overwhelming majority of users need to worry about. Nonetheless, it shows that even Apple’s flashy new Apple Silicon is not without potential flaws.

This doesn’t seem to be particularly terrible at first glance, but users should always be careful and keep up with what security researchers have discovered. I don’t know when it will be much more serious.

Apple Exec admits that macOS malware has reached an unacceptable level

Increasing the security of macOS is one way to promote the benefits of the iOS platform.

About the author Luke Dormehl (176 articles published)

Luke has been a fan of Apple since the mid-1990s. His main interest in technology is smart devices and the intersection of technology and liberal arts.

