| Thread Tools |
28th May 2021, 11:31 | #1 |
[M] Reviewer Join Date: May 2010 Location: Romania
Posts: 148,738
| Apple's over-hyped M1 chip has a security flaw Too clever over a broken ARM Fruity cargo cult Apple's much-hyped M1 chip has been shipping with a vulnerability that mysteriously is not getting much coverage in the Tame Apple Press. Asahi Linux developer Hector Martin has revealed a covert channel vulnerability in the Apple M1 chip that he dubbed M1RACLES, and in the process, he's gently criticised the way security flaws have started to be shared with the public. Martin's executive summary for M1RACLES makes it look pretty dire. He said that the flaw in the design of the Apple Silicon 'M1' chip allows any two applications running under an OS to covertly exchange data between them, without using memory, sockets, files, or any other normal operating system features. This works between processes running as different users and under different privilege levels, creating a covert channel for surreptitious data exchange. The good part about it is that Apple baked the flaw into its silicon which means it cannot be fixed without a new silicon revision. Not that Apple minds, that just means that users will have to upgrade their machines for peace of mind, but since Apple wants that anyway it is a win-win for the fruity cargo cult if it even chooses to fix the problem at all. What is more worrying is that Martin is even more cynical about Apple's motives than we are. He claimed that the flaw is a move by Apple to break the ARM spec by removing a mandatory feature because they figured they'd never need to use that feature for macOS. https://fudzilla.com/news/pc-hardwar...-security-flaw |
Thread Tools | |
| |