Notebookcheck
, , , , , ,
search relation.
, , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , ,
 

Apple’s M1 chip has an unfixable security flaw baked into the silicon

Apple's vaunted M1 chip has a flaw that can't be mitigated without a redesign. (Image: Apple)
Apple's vaunted M1 chip has a flaw that can't be mitigated without a redesign. (Image: Apple)
A software developer has uncovered a security flaw in Apple’s vaunted M1 SoC. The only fix for the issue would be for Apple to redesign the chip although the chances of the vulnerability being exploited maliciously are low.

Working For Notebookcheck

Are you a techie who knows how to write? Then join our Team! Especially English native speakers welcome!

English-Chinese-Translator - Details here

Apple is well known for its stance on privacy and security. This was a message that it has been emphasising quite vehemently in its current court case with Epic, arguing that it should be permitted to maintain total control over the apps installed on an iPhone. As such, it is suprising to learn that there is a vulnerability baked into its custom M1 chip that can only be addressed with a chip revision.

The vulnerability was discovered by developer Hector Martin who has been working on porting Linux so it can run on the M1. Martin explains the issue:

A flaw in the design of the Apple Silicon “M1” chip allows any two applications running under an OS to covertly exchange data between them, without using memory, sockets, files, or any other normal operating system features. This works between processes running as different users and under different privilege levels, creating a covert channel for surreptitious data exchange.

The vulnerability is baked into Apple Silicon chips, and cannot be fixed without a new silicon revision.

The only scenario where Martin believes the M1 flaw could cause a serious issue is if malware has already found its way onto a user’s Mac. This could then communicate with other malware also installed on the same Mac. More likely to occur would be advertising companies exploiting the vulnerability for cross app tracking, something that Apple has been trying to lock out through its software. Martin points out that he has sent his findings to Apple which has acknowledged the issue and has assigned it the code CVE-2021-30747.

Buy the Apple M1 MacBook Air from Amazon.

, , , , , ,
search relation.
, , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , ,
 

Source(s)

Read all 7 comments / answer
static version load dynamic
Loading Comments
Comment on this article
Sanjiv Sathiah
Sanjiv Sathiah - Senior Tech Writer - 1231 articles published on Notebookcheck since 2017
I have been writing about consumer technology over the past ten years, previously with the former MacNN and Electronista, and now Notebookcheck since 2017. My first computer was an Apple ][c and this sparked a passion for Apple, but also technology in general. In the past decade, I’ve become increasingly platform agnostic and love to get my hands on and explore as much technology as I can get my hand on. Whether it is Windows, Mac, iOS, Android, Linux, Nintendo, Xbox, or PlayStation, each has plenty to offer and has given me great joy exploring them all. I was drawn to writing about tech because I love learning about the latest devices and also sharing whatever insights my experience can bring to the site and its readership.
contact me via: @t3mporarybl1p
Please share our article, every link counts!
> Notebook / Laptop Reviews and News > News > News Archive > Newsarchive 2021 05 > Apple’s M1 chip has an unfixable security flaw baked into the silicon
Sanjiv Sathiah, 2021-05-29 (Update: 2021-05-29)