Notebookcheck Logo

Apple’s M1 chip has an unfixable security flaw baked into the silicon

Apple's vaunted M1 chip has a flaw that can't be mitigated without a redesign. (Image: Apple)
Apple's vaunted M1 chip has a flaw that can't be mitigated without a redesign. (Image: Apple)
A software developer has uncovered a security flaw in Apple’s vaunted M1 SoC. The only fix for the issue would be for Apple to redesign the chip although the chances of the vulnerability being exploited maliciously are low.

Apple is well known for its stance on privacy and security. This was a message that it has been emphasising quite vehemently in its current court case with Epic, arguing that it should be permitted to maintain total control over the apps installed on an iPhone. As such, it is suprising to learn that there is a vulnerability baked into its custom M1 chip that can only be addressed with a chip revision.

The vulnerability was discovered by developer Hector Martin who has been working on porting Linux so it can run on the M1. Martin explains the issue:

A flaw in the design of the Apple Silicon “M1” chip allows any two applications running under an OS to covertly exchange data between them, without using memory, sockets, files, or any other normal operating system features. This works between processes running as different users and under different privilege levels, creating a covert channel for surreptitious data exchange.

The vulnerability is baked into Apple Silicon chips, and cannot be fixed without a new silicon revision.

The only scenario where Martin believes the M1 flaw could cause a serious issue is if malware has already found its way onto a user’s Mac. This could then communicate with other malware also installed on the same Mac. More likely to occur would be advertising companies exploiting the vulnerability for cross app tracking, something that Apple has been trying to lock out through its software. Martin points out that he has sent his findings to Apple which has acknowledged the issue and has assigned it the code CVE-2021-30747.

Buy the Apple M1 MacBook Air from Amazon.

Source(s)

Read all 7 comments / answer
static version load dynamic
Loading Comments
Comment on this article
Please share our article, every link counts!
.170
> Notebook / Laptop Reviews and News > News > News Archive > Newsarchive 2021 05 > Apple’s M1 chip has an unfixable security flaw baked into the silicon
Sanjiv Sathiah, 2021-05-29 (Update: 2021-05-29)