One developer has highlighted a new security flaw in Mac devices powered by Apple‘s M1 chip. It’s a flaw that’s unfixable and could potentially be used maliciously, but the good news is that it likely won’t have any impact on the vast majority of users.
Apple first announced its M1 chip in November 2020, with the company shipping its first M1-powered devices that same month. As of June 2021, the M1 is now seen in the MacBook Air, 13-inch MacBook Pro, 24-inch iMac, Mac mini, and even the latest iPad Pro. The chip has been widely praised for its fast performance and impressive battery efficiency, but that’s not to say its journey has been perfect. This past February, for example, it was discovered that an infamous malware variant had been updated for the M1 chip to target users on Apple’s latest computers.
This latest report isn’t for a piece of malware that’s been discovered for M1 Macs, but rather a flaw with the design of the chip itself. As noted by developer Hector Martin, the flaw “allows two applications running under an OS to covertly exchange data between them, without using memory, sockets, files, or any other normal operating system feature.” Because of the way M1 is designed and how processes for applications work, a “covert channel” is created where two applications can secretly send data back and forth to each other without the user ever being aware or consenting for it to happen.
That sounds pretty scary on the surface, but the good news is that it likely isn’t a serious issue for anyone. While a ‘covert channel’ comes off as something nefarious, Martin points out that it’s basically useless unless a computer is already compromised. Furthermore, a covert channel like this “can’t leak data from uncooperative apps or systems.” Martin says that, at its worst, this flaw could be used by advertising companies that are looking for more ways to force app tracking on users to deliver more targeted ads. But even then, it’s pointed out that Apple could easily detect and stop this activity for any apps from the App Store that try this.
Users could technically avoid the vulnerability by running their M1 Mac as a virtual machine, but that would result in substantial performance slowdowns that no one should have to put up with in day-to-day use. Especially considering how small of a threat this particular vulnerability is, there’s really no need to do anything special about it. A flaw of any kind is never ideal, however, so it’ll be interesting to see if Apple is able to patch this particular one with the upcoming M2 chip that’s expected later this year.
Source: Hector Martin
Read more: screenrant.com