M1 security vulnerability baked into chip, but researcher says it doesnt matter

An M1 security vulnerability has been discovered that likely cannot be mitigated by Apple, but the researcher who found it says it’s not something we need to worry about …

Here’s Hector Martin’s description of it:

A flaw in the design of the Apple Silicon “M1” chip allows any two applications running under an OS to covertly exchange data between them, without using memory, sockets, files, or any other normal operating system features. This works between processes running as different users and under different privilege levels, creating a covert channel for surreptitious data exchange.

The vulnerability is baked into Apple Silicon chips, and cannot be fixed without a new silicon revision.

He also posted an amusing video proof of concept (below).

However, it’s unlikely to be anything any M1 Mac owner need be concerned about. Martin said that the worst-case scenario here would be that ad companies might try to exploit this kind of flaw for cross-app tracking.

Indeed, the security researcher went as far as putting a prominent link at the top of the webpage that links to the section of the FAQ telling people not to worry. It makes for fun reading!

Can malware use this vulnerability to take over my computer?

Can malware use this vulnerability to steal my private information?

Can malware use this vulnerability to rickroll me?
Yes. I mean, it could also rickroll you without using it.

Can this be exploited from Javascript on a website?

Can this be exploited from Java apps?
Wait, people still use Java?

Can this be exploited from Flash applets?
Please stop.

Can I catch BadBIOS from this vulnerability?

Wait, is this even real?
It is.

So what’s the real danger?
If you already have malware on your computer, that malware can communicate with other malware on your computer in an unexpected way. Chances are it could communicate in plenty of expected ways anyway.

That doesn’t sound too bad.
Honestly, I would expect advertising companies to try to abuse this kind of thing for cross-app tracking, more than criminals. Apple could catch them if they tried, though, for App Store apps. Wait. Oh no. Some game developer somewhere is going to try to use this as a synchronization primitive, aren’t they. Please don’t. The world has enough cursed code already. Don’t do it. Stop it. Noooooooooooooooo […]

So what’s the point of this website?
Poking fun at how ridiculous infosec clickbait vulnerability reporting has become lately. Just because it has a flashy website or it makes the news doesn’t mean you need to care. If you’ve read all the way to here, congratulations! You’re one of the rare people who doesn’t just retweet based on the page title 🙂

Source: 9to5mac.com