In recent Apple news, a security researcher has discovered a security vulnerability called M1RACLES in Apple M1 chips that cannot be fixed without a silicon redesign.
M1RACLES - Apple M1 primary vulnerability
The vulnerability, tracked as CVE-2021-30747, was discovered by Asahi Linux software engineer Hector Martin and named M1RACLES.
Hector Martin has stated that M1RACLES is a low-risk bug that is of no consequence.
Detailing the Apple M1 vulnerability, Martin noted that the bug allows two apps running on the same device to exchange data with each other over a secret channel.
This channel exists at the CPU level and does not use memory, sockets, files, or any other normal operating system features.
Not too severe:
Martin also notes that while the discovery of the Apple M1 bug is severe, considering the level of work, information, and expertise required to find such bugs in a CPU’s hardware, the M1RACLES bug is not valuable to threat actors in any way.
One of the only possible ways to exploit the Apple M1 chip’s newest bug is a scenario where shady companies abuse an app that they may have already installed on a user’s Apple M1 device for cross-app tracking, but even this case would be far-fetched since there are other, advanced ways to do so.
Although the M1RACLES bug violates the OS security model by allowing a CPU process to send data to another CPU process via a secret channel, Martin said he believed the bug was the result of human error on the part of Apple’s M1 design team.
Reportedly, Apple has been notified about the M1RACLES bug; however, it is unclear whether the tech giant plans to fix it in future versions of M1 silicon.