Apple’s M1 chip has an unfixable security flaw baked into the silicon
Apple is well known for its stance on privacy and security. It has been emphasising this message quite vehemently in its current court case with Epic, arguing that it should be permitted to maintain total control over the apps installed on an iPhone. As such, it is surprising to learn that there is a vulnerability baked into its custom M1 chip that can only be addressed with a chip revision.
The vulnerability was discovered by developer Hector Martin, who has been working on porting Linux so it can run on the M1. Martin explains the issue:
A flaw in the design of the Apple Silicon “M1” chip allows any two applications running under an OS to covertly exchange data between them, without using memory, sockets, files, or any other normal operating system features. This works between processes running as different users and under different privilege levels, creating a covert channel for surreptitious data exchange.
The vulnerability is baked into Apple Silicon chips, and cannot be fixed without a new silicon revision.
The only scenario in which Martin believes the M1 flaw could cause a serious issue is if malware has already found its way onto a user’s Mac. That malware could then communicate with other malware installed on the same Mac. More likely would be advertising companies exploiting the vulnerability for cross-app tracking, something that Apple has been trying to lock out through its software. Martin points out that he has sent his findings to Apple, which has acknowledged the issue and assigned it the identifier CVE-2021-30747.