Apple’s M1 Chip Has a Fascinating Flaw
A developer discovered a flaw in Apple’s new M1 CPU. The flaw creates a hidden channel through which two or more previously installed malicious apps can exchange information with each other.
According to developer Hector Martin, the covert communication works without using memory, sockets, files, or any other operating system feature. The channel can connect different processes running as different users with different permission levels, which lets the apps transfer data undetected unless specialized equipment is used.
Martin says the flaw is harmless in practice: it cannot be used to infect a Mac, and malicious software cannot use it to tamper with or steal the data on a computer. It could only be misused by two or more pieces of malware already installed on a Mac, which in any case could already communicate through channels unrelated to the M1 flaw.
The bug, which Martin named M1RACLES, is categorized as a vulnerability and therefore has its own vulnerability designation, CVE-2021-30747.
Martin also assessed that the M1 chip flaw violates the operating system security model: it should not be possible for processes to send data to each other secretly.
Michael Schwarz, one of the researchers who helped discover more serious vulnerabilities in Intel, AMD, and ARM CPUs, further stated that the bug can only serve as a means for two pieces of malware to communicate; it cannot be used to extract information from any application on the system.
Schwarz likens the vulnerability to an anonymous post office box that two applications use to exchange information with each other. Other applications cannot detect the exchange, nor can it be blocked. Since no other application is using the post office box, no information leaks. Even though it does not pose a direct threat to security, it can still be abused as an unintended means of communication, and that qualifies it as a vulnerability.
As stated by Martin, iPhones can also be affected, since the flaw can circumvent the sandboxing of iOS apps. Normally, a malicious keyboard app cannot leak key presses because it has no access to the internet. The hidden channel can sidestep that protection by transferring the key presses to another malicious app, which would then pass them on to the internet.
But Martin allays these fears by noting that the chances of two such apps passing Apple’s review process and being installed on the same device are low.
The flaw comes from a per-cluster system register in the ARM CPU that is accessible from EL0, the privilege level reserved for user applications, which has only limited permissions. The register has two bits that can be both read and written. Because all cores in the cluster can access the same register at the same time, a covert channel is created.
Martin came upon the flaw by accident while using a tool called m1n1 as the lead of Asahi Linux, a project that aims to port Linux to M1-based Macs. At first he thought the register was an intentional feature, so he discussed it openly in developer forums. He later realized that it was a bug that even Apple’s developers were not aware of.
- Apple’s new M1 CPU has a flaw that creates a hidden channel through which two or more previously installed malicious apps can exchange information with each other.
- Hector Martin says the flaw is harmless in practice, since it cannot be used to infect a Mac and cannot be used by malicious software to tamper with or steal the data on a computer.
- iPhones can also be affected, since the flaw can circumvent the sandboxing of iOS apps.
- The flaw comes from a per-cluster system register in the ARM CPU that is accessible from EL0, the privilege level reserved for user applications, which has only limited permissions.
- The vulnerability cannot be fixed without a silicon redesign, but the bug is considered low risk.
Bianca “Bianx” Ysabel, Digital Administrator
Disclaimer. The material in this post represents general information only and should not be taken to be legal advice.