iPad Pro's M1 chip has an unfixable security flaw
iPhone 12's A14 has also been affected, but you shouldn't be worried
The vulnerability exists at the hardware level of the M1 and is unfixable. Apple appears to have violated an Arm architecture specification requirement, which means there is no easy way of mitigating it. The flaw lets two applications covertly exchange data without using normal operating system features.
Thankfully, the vulnerability does not pose any serious security risks; at worst, it could be used by advertisers for cross-app tracking. Martin says it cannot be used by bad actors to take over your device or steal your private information.
Still, a flaw is a flaw, and this particular issue violates the OS security model. It affects all M1 devices and supposedly the iPhone 12 series too, because the A14 Bionic is based on the same CPU microarchitecture as the M1.
The only fix available is to run the entire operating system as a virtual machine (VM), but that would be overcautious and an unnecessary waste of resources.
The flaw is also expected to affect the next generation of the M1 chip but might get fixed in the one after that. This implies that the M1X chip that will reportedly power the next MacBook Pro will also have the vulnerability.
Apple has been made aware of the issue and the company has acknowledged it.