Apple’s new M1 chips have an unfixable vulnerability, but the developer who found it says not to worry.
The M1 chip is based on the Arm architecture, and is the continuation of the A-series chips Apple has used in the iPhone and iPad for years. Apple has been transitioning the Mac platform to the M1, and has incorporated it in the 2021 iPad Pro as well.
Developer Hector Martin has discovered a flaw in the M1 that allows two apps to secretly communicate with each other — all without the normal oversight the OS would provide.
A flaw in the design of the Apple Silicon “M1” chip allows any two applications running under an OS to covertly exchange data between them, without using memory, sockets, files, or any other normal operating system features. This works between processes running as different users and under different privilege levels, creating a covert channel for surreptitious data exchange.
To make matters worse, Martin says the bug cannot be fixed with a software update, and will require a change in the upcoming versions of the M1 and its successors.
Despite the dire-sounding nature of the bug, Martin says the actual impact is minimal. The vulnerability cannot be used to commandeer a machine, or steal private data. The only real-world danger is that a malware program could communicate with other malware on the same computer. Of course, as Martin points out, if a computer is already compromised with malware, two instances of malware communicating are probably the least of your concerns.
Really, nobody’s going to actually find a nefarious use for this flaw in practical circumstances. Besides, there are already a million side channels you can use for cooperative cross-process communication (e.g. cache stuff), on every system. Covert channels can’t leak data from uncooperative apps or systems.
Actually, that one’s worth repeating: Covert channels are completely useless unless your system is already compromised.