Skip to main content

Covert channel in Apple’s M1 is mostly harmless, but it sure is interesting

posted onMay 30, 2021
by l33tdawg
Arstechnica
Credit: Arstechnica

Apple's new M1 CPU has a flaw that creates a covert channel that two or more malicious apps—already installed—can use to transmit information to each other, a developer has found.

The surreptitious communication can occur without using computer memory, sockets, files, or any other operating system feature, developer Hector Martin said. The channel can bridge processes running as different users and under different privilege levels. These characteristics allow for the apps to exchange data in a way that can't be detected—or at least without specialized equipment.

Martin said that the flaw is mainly harmless because it can't be used to infect a Mac and it can't be used by exploits or malware to steal or tamper with data stored on a machine. Rather, the flaw can be abused only by two or more malicious apps that have already been installed on a Mac through means unrelated to the M1 flaw. Still, the bug, which Martin calls M1racles, meets the technical definition of a vulnerability. As such, it has come with its own vulnerability designation: CVE-2021-30747.

Source

Tags

Apple Security

You May Also Like

Recent News

Friday, November 8th

Friday, November 1st

Tuesday, July 9th

Wednesday, July 3rd

Friday, June 28th

Thursday, June 27th

Thursday, June 13th

Wednesday, June 12th

Tuesday, June 11th

Friday, June 7th