Submission + - Asahi Linux Dev Reveals 'M1RACLES' Flaw in Apple M1 (tomshardware.com) 2
AmiMoJo writes: Asahi Linux developer Hector Martin has revealed a covert channel vulnerability in the Apple M1 chip that he dubbed M1RACLES, and in the process, he’s gently criticized the way security flaws have started to be shared with the public.
Martin’s executive summary for M1RACLES sounds dire: “A flaw in the design of the Apple Silicon ‘M1’ chip allows any two applications running under an OS to covertly exchange data between them, without using memory, sockets, files, or any other normal operating system features. This works between processes running as different users and under different privilege levels, creating a covert channel for surreptitious data exchange. [] The vulnerability is baked into Apple Silicon chips, and cannot be fixed without a new silicon revision.“
Martin’s executive summary for M1RACLES sounds dire: “A flaw in the design of the Apple Silicon ‘M1’ chip allows any two applications running under an OS to covertly exchange data between them, without using memory, sockets, files, or any other normal operating system features. This works between processes running as different users and under different privilege levels, creating a covert channel for surreptitious data exchange. [] The vulnerability is baked into Apple Silicon chips, and cannot be fixed without a new silicon revision.“
From the article (Score:2)
"Just because it has a flashy website or it makes the news doesn't mean you need to care,â he wrote. âoeIf you've read all the way to here, congratulations! You're one of the rare people who doesn't just retweet based on the page title :-) "