Security News > 2021 > May > Unfixable Apple M1 chip bug enables cross-process chatter, breaking OS security model
Apple's Arm-based M1 chip, much ballyhooed for its performance, contains a design flaw that can be exploited to allow different processes to quietly communicate with one another, in violation of operating system security principles.
Martin has published a proof-of-concept script to demonstrate how to read and write data to the overly talkative system register and a proof-of-concept script for setting up a covert channel on an M1 system.
The vulnerability can be dealt with by using a virtual machine, because hypervisors disable guest access to the vulnerable register by default, but otherwise there aren't a lot of good options, particularly on macOS. "Mitigating the problem requires running your OS at EL1, where the problem register can be disabled, and then having at least some kind of minimal hypervisor at EL2 to deal with those traps," explains Martin.
The Register asked Apple whether a fix is planned prior to its next M1 release, said to be designated M1X and expected to power a future MacBook Pro update ... This moment of silence has been brought to you by Apple media relations.
Martin speculates the M1 system register at issue wasn't intended to be accessible at EL0 and thus would be considered silicon errata, a hardware design mistake.
"Apple has acknowledged the flaw, but I highly doubt it is fixed in the next silicon iteration; it's too quick for that," he told The Register.
News URL
https://go.theregister.com/feed/www.theregister.com/2021/05/27/apple_m1_chip_bug/
Related news
- GoFetch security exploit can't be disabled on M1 and M2 Apple chips (source)
- New "GoFetch" Vulnerability in Apple M-Series Chips Leaks Secret Encryption Keys (source)
- New GoFetch Vulnerability in Apple’s M Chips Allows Secret Keys Leak on Compromised Computers (source)
- Hardware Vulnerability in Apple’s M-Series Chips (source)
- Apple's GoFetch silicon security fail was down to an obsession with speed (source)