Asahi Linux developer Hector Martin has revealed a covert channel vulnerability in the Apple M1 chip that he dubbed M1RACLES, and in the process, he's gently criticised the way security flaws have started to be shared with the public.
Martin's executive summary for M1RACLES makes it look pretty dire. He said that the flaw in the design of the Apple Silicon 'M1' chip allows any two applications running under an OS to covertly exchange data between them, without using memory, sockets, files, or any other normal operating system features. This works between processes running as different users and under different privilege levels, creating a covert channel for surreptitious data exchange.
The good part about it is that Apple baked the flaw into its silicon which means it cannot be fixed without a new silicon revision. Not that Apple minds, that just means that users will have to upgrade their machines for peace of mind, but since Apple wants that anyway it is a win-win for the fruity cargo cult if it even chooses to fix the problem at all.
What is more worrying is that Martin is even more cynical about Apple's motives than we are. He claimed that the flaw is a move by Apple to break the ARM spec by removing a mandatory feature because they figured they'd never need to use that feature for macOS.
However, it turned out that removing that feature made it much harder for existing OSes to mitigate this vulnerability.
The company would have to make a change on the silicon level with its follow-up to the M1 to mitigate this flaw.
Those few in the Tame Apple Press who have mentioned the flaw have said it is nothing to worry about because a covert channel affects two bits. They have literally dubbed it a "two-bit vulnerability".
However Martin said that transfer rates over 1 MB/s are possible "without many optimisations" but any malicious apps that might take advantage of such methods would be far more likely to share information via other channels.