A developer has discovered that Apple’s new M1 CPU has a defect that creates a covert channel.
This covert channel lets two or more malicious apps that are already installed on the machine transmit information to each other.
The developer, Hector Martin, said the covert communication takes place without using the computer’s memory, files, or any other feature of the operating system.
The channel can link processes that are running as different users and at different privilege levels.
These properties allow applications to exchange data in a way that cannot be detected, or at least not without specialized equipment.
The flaw is essentially harmless because it cannot be used to infect a Mac, Martin said.
It cannot be used by exploits or malware to steal or tamper with data stored on the device.
The flaw can only be abused by two or more malicious apps that were installed on the Mac by means unrelated to the M1 flaw.
A security vulnerability in an Apple product, but a mostly harmless one:
The bug, which Martin calls M1racles, meets the technical definition of a vulnerability. As such, it came with its own vulnerability designation: CVE-2021-30747.
The flaw violates the operating system’s security model, because one process is not supposed to be able to covertly send data to another.
Nor is userspace code supposed to be able to write to arbitrary CPU system registers.
Other researchers with experience in CPU and silicon-based security agreed with this assessment.
The flaw cannot be used to infer information about other applications on the system; it can only serve as a communication channel between two malicious applications.
The covert channel may matter more on iPhones, because it can be used to bypass the sandbox imposed on iOS apps.
Under normal circumstances, a malicious keyboard app has no way to leak your keystrokes, because such apps cannot access the internet.
The covert channel could circumvent this protection by passing the keystrokes to another malicious application, which in turn sends them over the internet.
Even so, the chances of two such apps getting through Apple’s review process and then being installed on a target’s device are remote.
There is no way to correct or fix the defect in existing chips.
More than anything, the vulnerability demonstrates that flaws in chips, technically known as errata, exist in almost all CPUs, even new ones that have the advantage of learning from errors made in earlier architectures.