Apple’s M1 and A14 Chips have an unfixable security flaw, but you need not worry too much about it | Digit

The ARM-based M1 chip, the first Apple-designed SoC developed for Macs and the iPad Pro, has a security vulnerability that allows two applications to covertly exchange data without going through proper channels. The vulnerability was accidentally spotted by a developer, Hector Martin, while he was working on porting Linux to the M1. He says that the flaw exists at the hardware level and cannot be fixed by a software update. Apple was notified of the issue 90 days before the developer made it public and has already acknowledged it.

Hector, however, notes that this flaw isn’t something users need to worry about. 

Here’s how the developer describes it: 

“A flaw in the design of the Apple Silicon “M1” chip allows any two applications running under an OS to covertly exchange data between them, without using memory, sockets, files, or any other normal operating system features. This works between processes running as different users and under different privilege levels, creating a covert channel for surreptitious data exchange.

The vulnerability is baked into Apple Silicon chips, and cannot be fixed without a new silicon revision.”

Users need not worry

The cause appears to be Apple violating an ARM specification requirement. At worst, the flaw can be exploited by advertising companies for cross-app tracking. Users don’t really have to worry about malware exploiting this to take over their devices or steal their data.

Martin also has a proof-of-concept video on his website that demonstrates that the covert channel can be used to transfer enough data to stream a video in real-time with few or no glitches. 

The flaw also affects the iPhone 12 series, which is powered by the A14 Bionic, since both the A14 and M1 are based on the same micro-architecture. The flaw is also expected to affect the next-generation M1X chip that will reportedly be used in the upcoming MacBook Pro. It’s likely to get fixed in the iteration following that.
