A flaw in the design of the Apple Silicon M1 processor is burned in, but how serious is it?
The bug “allows any two applications running on the same operating system to covertly exchange data between them,” according to a report (via The Register).
The report goes on to say that the vulnerability “is burned into Apple silicon chips” and “cannot be fixed without a new silicon revision.”
Other highlights from Hector Martin, founder and project manager of Asahi Linux, who wrote about the bug, are:
How was this bug reported?
“I sent an email to [email protected]. They acknowledged the vulnerability and assigned CVE-2021-30747. I made this disclosure 90 days after the initial disclosure to Apple,” says Martin.
(All questions and quotes are excerpts from Martin’s write-up.)
Should you be worried?
“Probably …”
Are you affected?
“macOS users: at least versions 11.0 and higher are affected.”
Can malware use this vulnerability to take over your computer?
Can malware use this vulnerability to steal private information?
So what’s the real danger?
“If you already have malware on your computer, that malware can communicate with other malware on your computer in unexpected ways. Chances are, it can communicate in many expected ways anyway.”
But is that really dangerous?
“Really, no one is going to find a nefarious use for this bug under any practical circumstances. Plus, there are already a million side channels that you can use on any system. Covert channels cannot leak data from uncooperative apps or systems.”
“It’s actually worth repeating: Covert channels are completely useless unless your system is already compromised.”
Summary: a note on errata
All chips have bugs like the one described above, called “errata”, but you usually don’t hear about them. Occasionally one makes the news, like Intel’s infamous Pentium FDIV bug. In general, however, they either remain uninteresting (i.e. not harmful) or are handled by the chip manufacturer without ever being disclosed to the public.
See this very long list of errata (PDF) for an Intel processor for reference.
Fortunately, if Martin hadn’t discovered this flaw and written about it, you wouldn’t be aware of it, just like the other errata you’ve never heard of. Whether you should be aware of errata at all is another question.
I interviewed Apple and Hector Martin. Apple had no comment. I haven’t heard from Hector Martin yet.
* Full “summary” from the report: “A flaw in the design of the Apple Silicon ‘M1’ chip allows two applications running on one operating system to covertly exchange data between them without using memory, sockets, files, or any other normal operating system features. This works between processes that run as different users and with different privilege levels, creating a covert channel for surreptitious data exchange.”
Comments can be sent via direct message to “twitter.com/mbrookec”.