Apple M1 chips have been found to contain an embedded flaw, a low-risk vulnerability that goes by the name M1RACLES.
What is the M1RACLES vulnerability in Apple’s M1 chip?
The vulnerability, codenamed M1RACLES, is currently tracked as CVE-2021-30747. It was discovered by Hector Martin, a software engineer working on Asahi Linux, a project that ports Linux to Macs.
According to Martin,
The vulnerability allows two apps running on the same machine to exchange data through a hidden channel at the CPU level, bypassing memory, sockets, files, and other standard operating system features.
The discovery is of little use to attackers, given the amount of time, work, and knowledge required to find bugs in a CPU’s physical design. The vulnerability, codenamed M1RACLES, has been assigned CVE-2021-30747.
Martin thinks that dodgy advertising companies could abuse this bug for cross-app tracking, using an app that is already installed on the M1-based device.
This would be a peculiar use of the channel, since advertisers already have plenty of other reliable ways of collecting data.
Martin believes the M1RACLES bug was caused by human error on Apple’s M1 chip design team, even though it violates the OS security model by allowing processes on the CPU to send data over a secret channel.
“Apple made a mistake during the silicon design process. Occasionally, it happens. Engineering is a human endeavor,” he said.
Martin has informed Apple of his discovery, but Apple has yet to respond.
Martin disclosed, and at the same time debunked, his own findings on a dedicated website that parodies the sites set up in the past to publicize CPU vulnerabilities, many of which, like M1RACLES, were similarly meaningless and insignificant to most people’s threat models.
Martin suggests that on iOS the flaw could be used to breach privacy protections: a malicious keyboard app could transmit typed text to a second malicious app, which could then send the information onward.
He adds, however, that Apple could catch such abuse through static analysis of App Store submissions, since iOS apps cannot create code at runtime.
Running inside a virtual machine mitigates the flaw, because hypervisors by default disable guest access to the affected registers, but there are few other mitigations, especially on macOS.