ARM-based M1 Chip, the first Apple-designed SoC developed for Macs, that was more recently employed in the new iPad Pro, has a security vulnerability that allows two applications to covertly exchange data between them without going through proper channels
ARM-based M1 Chip, the first Apple-designed SoC developed for Macs and the iPad Pro, has a security vulnerability that allows two applications to covertly exchange data between them without going through proper channels. The vulnerability was accidentally spotted by a developer, Hector Martin, while he was working on porting Linux to the M1. He says that the flaw exists at the hardware level and can not be fixed by a software update. Apple was notified of the issue 90-days prior to the developer making the issue public and has already acknowledged it.
Hector, however, notes that this flaw isn’t something users need to worry about.
Here’s how the developer describes it:
“A flaw in the design of the Apple Silicon “M1” chip allows any two applications running under an OS to covertly exchange data between them, without using memory, sockets, files, or any other normal operating system features. This works between processes running as different users and under different privilege levels, creating a covert channel for surreptitious data exchange.
The vulnerability is baked into Apple Silicon chips, and cannot be fixed without a new silicon revision.”
The cause appears to be Apple violating an AMR specification requirement. At worst the flaw can be exploited by advertising companies for cross-app tracking. Users don’t have to really worry about malware exploiting this to take over their devices or steal their data.
Martin also has a proof-of-concept video on his website that demonstrates that the covert channel can be used to transfer enough data to stream a video in real-time with few or no glitches.
The flaw also affects iPhone 12 series that’s powered by A14 Bionic, since both the A14 and M1 are based on the same micro-architecture. The flaw is also expected to affect the next generation M1X chip that will reportedly be used in the upcoming MacBook Pro. It’s likely to get fixed in the iteration following that.