A security researcher has discovered the first-ever vulnerability in Apple M1 chips that cannot be fixed without a silicon redesign.
The good news is that the bug is considered low-risk, and even the security researcher who discovered it considers the vulnerability inconsequential and has tried to avoid overhyping the issue when discussing his finding.
Discovered by Hector Martin, a software engineer at Asahi Linux, a project that works on porting Linux to Mac hardware, the vulnerability was codenamed M1RACLES and is currently tracked as CVE-2021-30747.
In a simplified explanation, Martin said the bug allowed two apps running on the same device to exchange data with one another via a secret channel at the CPU level, without using memory, sockets, files, or any other normal operating system features.
While the discovery is significant due to the level of work, knowledge, and expertise needed to discover bugs in a CPU’s hardware design, Martin said the bug is not useful to attackers in any way.
The only way Martin could see this bug being exploited would be by shady advertising companies, which could abuse an app they already had installed on a user’s M1-based device for cross-app tracking, although even this would be a pretty wild scenario since the ad industry has many other more reliable data collection methods.
Although the M1RACLES bug violates the OS security model by allowing a CPU process to send data to another CPU process via a secret channel, Martin said he believed the bug was the result of a human error on the part of Apple’s M1 design team.
“Someone in Apple’s silicon design team made a boo-boo. It happens. Engineers are human,” he said.
Martin said he notified Apple of his findings, but the company did not say whether it plans to fix the bug in future versions of the M1 silicon.
Earlier today, Martin disclosed and debunked his own findings on a dedicated website that poked fun at similar sites created in the past to promote CPU vulnerabilities, many of which were, like M1RACLES, useless and unimportant to people’s threat models.