Researcher found a security breach on Apple M1, requires hardware revision

The Apple M1 arrived to bring great improvements in performance and energy efficiency to Apple products. Apple is slowly revolutionizing the market of computers proving that ARM-based computers have a bright future in the industry. The chip certainly is known for performance, energy efficiency, and security. Well, apparently, security isn’t 100% granted. Today, a researcher named Hector Martin has revealed that there is a security breach in the chip. This breach allows applications to exchange information with each other on these devices.

The App M1 has a security issue that requires a new revised version

According to the researcher, the security breach allows two applications to exchange information with each other. The most impressive thing is that this exchange takes place without the use of files, memory, sockets, or other system resources through a hidden channel on the chip. Martin states that to correct this flaw it would be necessary to revise the entire design of the Apple M1. It would require the launch of a new revised version.

You can check out a humorous video where the hacker shows how two open applications can exchange information with each other. He shows how these apps explore the breach in real-time with a video being displayed when sent by one of them.

[embedded content]

However, users do not necessarily need to panic.. According to Marting, it is not possible to use this vulnerability to take control of the device, let alone steal information. Moreover, he states that the risk of it being triggered by a Javascript is zero.

On the other hand, the researcher was unable to determine how the malware used in the demonstration could communicate with other pests on the internet. However, the rise of damage, for now, is low. He even mentioned:

“Honestly, I would expect advertising companies to try to abuse this sort of thing in the Apple M1 to track apps, rather than criminals. Apple could catch them if they try, however, in the case of apps from the App Store: no-no-no-no. Some game developer somewhere is going to try to use this as a method of synchronization, isn’t it? Please do not do that. The world already has enough cursed code.”

Apple, of course, is yet to comment on the situation. In related news, the company is expected to bring a new version of its silicon during the WWDC 2021 which will be held in the next month. Could be the issues with security fixed in this new upgrade? Only time will tell.

Source/VIA :

Leave a Reply

Your email address will not be published. Required fields are marked *