Posted on Thursday, May 27 2021 @ 15:52 CEST by Thomas De Maesschalck
The Register
reports Hector Martin, founder and project lead of Ashai Linux, discovered an unfixable security vulnerability in the Apple M1 SoC. The flaw allows different processes to secretly communicate with one another, in a way that breaks the macOS security model.
"A malicious pair of cooperating processes may build a robust channel out of this two-bit state, by using a clock-and-data protocol (e.g. one side writes 1x to send data, the other side writes 00 to request the next bit)," explains Hector Martin, founder and project lead of Ashai Linux, in his vulnerability disclosure. "This allows the processes to exchange an arbitrary amount of data, bound only by CPU overhead."
The cross-talk isn't particularly fast – data transfer rate is said to be a bit more than 1MB/s. Other information leakage side channels are often similarly slow.
Affected platforms include macOS Big Sur and Linux v5.13+ on the M1 SoC, as well as the iOS and iPadOS via the A14 SoC. While it sounds ominous, the flaw does not appear to be particularly dangerous. Without other malware present, the vulnerability can't be exploited on its own.
