Security News > 2021 > May > Unfixable Apple M1 chip bug enables cross-process chatter, breaking OS security model

Unfixable Apple M1 chip bug enables cross-process chatter, breaking OS security model
2021-05-27 01:38

Apple's Arm-based M1 chip, much ballyhooed for its performance, contains a design flaw that can be exploited to allow different processes to quietly communicate with one another, in violation of operating system security principles.

Martin has published a proof-of-concept script to demonstrate how to read and write data to the overly talkative system register and a proof-of-concept script for setting up a covert channel on an M1 system.

The vulnerability can be dealt with by using a virtual machine, because hypervisors disable guest access to the vulnerable register by default, but otherwise there aren't a lot of good options, particularly on macOS. "Mitigating the problem requires running your OS at EL1, where the problem register can be disabled, and then having at least some kind of minimal hypervisor at EL2 to deal with those traps," explains Martin.

The Register asked Apple whether a fix is planned prior to its next M1 release, said to be designated M1X and expected to power a future MacBook Pro update ... This moment of silence has been brought to you by Apple media relations.

Martin speculates the M1 system register at issue wasn't intended to be accessible at EL0 and thus would be considered silicon errata, a hardware design mistake.

"Apple has acknowledged the flaw, but I highly doubt it is fixed in the next silicon iteration; it's too quick for that," he told The Register.


News URL

https://go.theregister.com/feed/www.theregister.com/2021/05/27/apple_m1_chip_bug/

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Apple 68 212 1433 2208 257 4110