Asahi Linux Dev Reveals 'M1RACLES' Flaw in Apple M1, Pokes Fun at Similar Flaws
Asahi Linux developer Hector Martin has revealed a covert channel vulnerability in the Apple M1 chip that he dubbed M1RACLES, and in the process, he's gently criticized the way security flaws have started to be shared with the public.
Martin's executive summary for M1RACLES sounds dire: "A flaw in the design of the Apple Silicon 'M1' chip allows any two applications running under an OS to covertly exchange data between them, without using memory, sockets, files, or any other normal operating system features. This works between processes running as different users and under different privilege levels, creating a covert channel for surreptitious data exchange. [...] The vulnerability is baked into Apple Silicon chips, and cannot be fixed without a new silicon revision." (Emphasis his.)
He also noted that this was the result of an intentional decision on Apple's part. "Basically, Apple decided to break the ARM spec by removing a mandatory feature, because they figured they'd never need to use that feature for macOS," he explained. "And then it turned out that removing that feature made it much harder for existing OSes to mitigate this vulnerability." The company would have to make a change at the silicon level with its follow-up to the M1 to mitigate this flaw.
(Score: 3, Interesting) by Anonymous Coward on Friday May 28 2021, @05:03AM (3 children)
Seriously, read the website for this exploit. It includes many gems:
But it also has some meat too:
(Score: 2) by DECbot on Friday May 28 2021, @02:25PM (1 child)
What are you worried about? Only the NSA will ever find a use for this.
cats~$ sudo chown -R us /home/base
(Score: 0) by Anonymous Coward on Friday May 28 2021, @08:57PM
Thing is that the NSA doesn't need to use this. There are already things they can use with higher bandwidth, harder to spot, not mitigable as easily, and more robust.
(Score: 2) by choose another one on Friday May 28 2021, @06:47PM
2 + 2 = ???
Apple: we protect your privacy, apps are no longer allowed to ship out your data wholesale over normal channels
Hacker: oops, I found this covert channels thing baked into Apple silicon, posted about it before I knew it was a bug and not a feature
Apple: bugger, that intentional-but-plausibly-deniable covert channels feature was spotted fast, do you think anyone will catch on to why it was there?
(Score: 0) by Anonymous Coward on Friday May 28 2021, @07:09AM
... they are simply clairvoyant.