A security researcher found a flaw baked into M1 chips that could let any two apps secretly exchange data, but says that most people don’t have to worry.
M1RACLES
Tracked as CVE-2021-30747, the flaw is “baked” into the chip, meaning that it can’t be fixed with a software update. Here are the technical details:
The ARM system register encoded as s3_5_c15_c10_1 is accessible from EL0, and contains two implemented bits that can be read or written (bits 0 and 1). This is a per-cluster register that can be simultaneously accessed by all cores in a cluster. This makes it a two-bit covert channel that any arbitrary process can use to exchange data with another cooperating process.
In the FAQ section, the researcher, Hector Martin, says it probably won’t affect most, or any, Mac users: “If you already have malware on your computer, that malware can communicate with other malware on your computer in an unexpected way. Chances are it could communicate in plenty of expected ways anyway.”
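A defender-side check for the register named in the technical details above, added here as an example and not taken from the researcher's write-up: it statically scans AArch64 machine code for MRS/MSR instructions that select s3_5_c15_c10_1. The function name and the sample bytes are constructed for illustration.

```python
import struct

# Field values read off the register name s3_5_c15_c10_1 (op0_op1_CRn_CRm_op2).
OP0, OP1, CRN, CRM, OP2 = 3, 5, 15, 10, 1

# AArch64 MRS/MSR (register) layout: bits 31:22 = 0b1101010100, bit 21 = L
# (1 = MRS read, 0 = MSR write), bit 20 = 1, bit 19 = op0 - 2,
# bits 18:16 = op1, 15:12 = CRn, 11:8 = CRm, 7:5 = op2, 4:0 = Rt.
PATTERN = (0xD5100000 | ((OP0 - 2) << 19) | (OP1 << 16)
           | (CRN << 12) | (CRM << 8) | (OP2 << 5))
MASK = 0xFFFFFFFF & ~((1 << 21) | 0x1F)  # ignore the L bit and Rt


def find_register_accesses(code: bytes):
    """Return (offset, 'mrs'|'msr', Rt) for every access to the register."""
    hits = []
    for off in range(0, len(code) - 3, 4):             # 4-byte aligned opcodes
        (word,) = struct.unpack_from("<I", code, off)  # little-endian
        if (word & MASK) == PATTERN:
            kind = "mrs" if word & (1 << 21) else "msr"
            hits.append((off, kind, word & 0x1F))
    return hits


# Constructed sample: five hand-assembled instructions, not from a real binary.
SAMPLE = struct.pack(
    "<5I",
    0xD503201F,  # nop
    0xD53DFA20,  # mrs x0, s3_5_c15_c10_1
    0xD51DFA21,  # msr s3_5_c15_c10_1, x1
    0xD53BD042,  # mrs x2, tpidr_el0 (unrelated register, must not match)
    0xD65F03C0,  # ret
)

if __name__ == "__main__":
    for off, kind, rt in find_register_accesses(SAMPLE):
        print(f"offset {off:#06x}: {kind} via x{rt}")
```

Run it over extracted executable sections only: an aligned scan of data can match by coincidence, and code generated at run time is outside what a static scan sees.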