iPad Pro's M1 chip has an unfixable security flaw
Apple's Arm-based M1 chip that powers the new iPad Pros and the latest MacBook Air, MacBook Pro, Mac mini, and iMac has a security flaw, according to developer Hector Martin.
The vulnerability exists at the hardware level of the M1 and is unfixable. Apple appears to have violated an Arm architecture specification requirement which means there is no easy way of mitigating it. The flaw basically lets two applications covertly exchange data without using normal operating system features.
Thankfully, the vulnerability does not pose any serious security risks and at worst, it could be used by advertisers for cross-app tracking. Martin says it cannot be used by bad actors to take over your device or steal your private information.
Still, a flaw is a flaw, and this particular issue violates the OS security model. It affects all M1 devices and supposedly the iPhone 12 series too because the A14 Bionic is based on the same CPU microarchitecture as the M1.
Yes.
What, really?
Really, nobody's going to actually find a nefarious use for this flaw in practical circumstances. Besides, there are already a million side channels you can use for cooperative cross-process communication (e.g. cache stuff), on every system. Covert channels can't leak data from uncooperative apps or systems.
Actually, that one's worth repeating: Covert channels are completely useless unless your system is already compromised.
The only fix available is to run the entire operating system as a virtual machine (VM), but that would be overcautious and an unnecessary waste of resources.
The flaw is also expected to affect the next generation of the M1 chip but might get fixed in the one after that. This implies that the M1X chip that will reportedly power the next MacBook Pro will also have the vulnerability.
Apple has been made aware of the issue and the company has acknowledged it.
iPhone 12's A14 has also been affected, but you shouldn't be worried
The vulnerability exists at the hardware level of the M1 and is unfixable. Apple appears to have violated an Arm architecture specification requirement which means there is no easy way of mitigating it. The flaw basically lets two applications covertly exchange data without using normal operating system features.
Still, a flaw is a flaw, and this particular issue violates the OS security model. It affects all M1 devices and supposedly the iPhone 12 series too because the A14 Bionic is based on the same CPU microarchitecture as the M1.
From FAQs on Martin's website
So what's the real danger?
If you already have malware on your computer, that malware can communicate with other malware on your computer in an unexpected way.Chances are it could communicate in plenty of expected ways anyway.
That doesn't sound too bad.
Honestly, I would expect advertising companies to try to abuse this kind of thing for cross-app tracking, more than criminals. Apple could catch them if they tried, though, for App Store apps.
So you're telling me I shouldn't worry?
Yes.
What, really?
Really, nobody's going to actually find a nefarious use for this flaw in practical circumstances. Besides, there are already a million side channels you can use for cooperative cross-process communication (e.g. cache stuff), on every system. Covert channels can't leak data from uncooperative apps or systems.
Actually, that one's worth repeating: Covert channels are completely useless unless your system is already compromised.
The only fix available is to run the entire operating system as a virtual machine (VM), but that would be overcautious and an unnecessary waste of resources.
The flaw is also expected to affect the next generation of the M1 chip but might get fixed in the one after that. This implies that the M1X chip that will reportedly power the next MacBook Pro will also have the vulnerability.
Apple has been made aware of the issue and the company has acknowledged it.
FCC OKs Cingular\'s purchase of AT&T Wireless
Things that are NOT allowed: