Sign In

Communications of the ACM

ACM News

Apple’s M1 Chip Has a Fascinating Flaw


View as: Print Mobile App Share: Send by email Share on reddit Share on StumbleUpon Share on Hacker News Share on Tweeter Share on Facebook
A woman examines a display of Macs.

The flaw in Apple's new M1 CPU chip violates the OS security model," wrote developer Hector Martin in a blog post. "You're not supposed to be able to send data from one process to another secretly. And even if harmless in this case, you're not supposed to be able to write to random CPU system registers from user space either."

Credit: Brendon Thorne/Bloomberg/Getty Images

Apple's new M1 CPU has a flaw that creates a covert channel that two or more malicious apps—already installed—can use to transmit information to each other, a developer has found.

The surreptitious communication can occur without using computer memory, sockets, files, or any other operating system feature, developer Hector Martin said. The channel can bridge processes running as different users and under different privilege levels. These characteristics allow for the apps to exchange data in a way that can't be detected—at least not without specialized equipment.

Martin said the flaw is mainly harmless, because it can't be used to infect a Mac, and it can't be used by exploits or malware to steal or tamper with data on a machine. It can only be abused by two or more malicious apps that have already been installed on a Mac through means unrelated to the M1 flaw.

From Wired
View Full Article

 


 

No entries found