Communications of the ACM
Apple’s M1 Chip Has a Fascinating Flaw
The flaw in Apple's new M1 CPU chip violates the OS security model," wrote developer Hector Martin in a blog post. "You're not supposed to be able to send data from one process to another secretly. And even if harmless in this case, you're not supposed to
Credit: Brendon Thorne/Bloomberg/Getty Images
Apple's new M1 CPU has a flaw that creates a covert channel that two or more malicious apps—already installed—can use to transmit information to each other, a developer has found.
The surreptitious communication can occur without using computer memory, sockets, files, or any other operating system feature, developer Hector Martin said. The channel can bridge processes running as different users and under different privilege levels. These characteristics allow for the apps to exchange data in a way that can't be detected—at least not without specialized equipment.
Martin said the flaw is mainly harmless, because it can't be used to infect a Mac, and it can't be used by exploits or malware to steal or tamper with data on a machine. It can only be abused by two or more malicious apps that have already been installed on a Mac through means unrelated to the M1 flaw.
From Wired
View Full Article
No entries found