The security researcher who discovered an M1 security vulnerability says it’s “baked into” Apple Silicon chips, but also says that it’s not something to worry about.
Researcher Hector Martin shares his description of it:
A flaw in the design of the Apple Silicon “M1” chip allows any two applications running under an OS to covertly exchange data between them, without using memory, sockets, files, or any other normal operating system features. This works between processes running as different users and under different privilege levels, creating a covert channel for surreptitious data exchange.
The vulnerability is baked into Apple Silicon chips, and cannot be fixed without a new silicon revision.
Martin says that M1 Mac users need not be concerned, as the worst-case scenario would be that ad companies might try to exploit the flaw for cross-app tracking.
The researcher even includes a humorous FAQ on his site that tells users not to worry:
Can malware use this vulnerability to take over my computer?
Can malware use this vulnerability to steal my private information?
Can malware use this vulnerability to rickroll me?
Yes. I mean, it could also rickroll you without using it.
Can this be exploited from Java apps?
Wait, people still use Java?
Can this be exploited from Flash applets?
Can I catch BadBIOS from this vulnerability?
Wait, is this even real?
So what’s the real danger?
If you already have malware on your computer, that malware can communicate with other malware on your computer in an unexpected way. Chances are it could communicate in plenty of expected ways anyway.
That doesn’t sound too bad.
Honestly, I would expect advertising companies to try to abuse this kind of thing for cross-app tracking, more than criminals. Apple could catch them if they tried, though, for App Store apps. Wait. Oh no. Some game developer somewhere is going to try to use this as a synchronization primitive, aren’t they. Please don’t. The world has enough cursed code already. Don’t do it. Stop it. Noooooooooooooooo […]
So what’s the point of this website?
Poking fun at how ridiculous infosec clickbait vulnerability reporting has become lately. Just because it has a flashy website or it makes the news doesn’t mean you need to care. If you’ve read all the way to here, congratulations! You’re one of the rare people who doesn’t just retweet based on the page title 🙂
The researcher says iOS could also be affected, but that Apple should be able to catch any app that tries to use the flaw during the App Store submission review.
Martin also posted an amusing proof of concept video:
M1RACLES (CVE-2021-30747) is a covert channel vulnerability found on Apple Silicon “M1” CPUs. This vulnerability allows data to be secretly exchanged between two applications, even running as different users, without using any normal OS channels or features. Data flows straight from one process to another, like magic.
This proof-of-concept demonstrates that the 2-bit covert channel has enough throughput to transmit video in real-time, and that the channel can be made robust enough to do so with few or no visible glitches.