"A malicious pair of cooperating processes may build a robust channel out of this two-bit state, by using a clock-and-data protocol (e.g. one side writes 1x to send data, the other side writes 00 to request the next bit)," explains Hector Martin, founder and project lead of Asahi Linux, in his vulnerability disclosure. "This allows the processes to exchange an arbitrary amount of data, bound only by CPU overhead."
Affected platforms include macOS Big Sur and Linux v5.13+ on the M1 SoC, as well as iOS and iPadOS via the A14 SoC. While it sounds ominous, the flaw does not appear to be particularly dangerous. Without other malware present, the vulnerability can't be exploited on its own.
The cross-talk isn't particularly fast – data transfer rate is said to be a bit more than 1MB/s. Other information leakage side channels are often similarly slow.
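
A toy model of the clock-and-data handshake from the quote above, added here as an illustration and not taken from Martin's disclosure: the shared two-bit state is a plain Python integer, and the names `TwoBitState`, `sender_step`, `receiver_step` and `transfer` are hypothetical. It runs both sides under a random schedule to show that the handshake delivers every bit whatever the interleaving, at a cost of two writes to the shared state per bit.

```python
import random

CLOCK = 0b10  # high bit: set by the sender, "a data bit is waiting"
DATA = 0b01   # low bit: the payload (the "x" in "1x")

class TwoBitState:
    """Stand-in for the shared two-bit state (assumption: a plain int)."""
    def __init__(self):
        self.value = 0b00
        self.writes = 0

    def write(self, v):
        self.value = v & 0b11
        self.writes += 1

def to_bits(data):
    return [(byte >> i) & 1 for byte in data for i in range(7, -1, -1)]

def from_bits(bits):
    out = bytearray()
    for i in range(0, len(bits), 8):
        byte = 0
        for b in bits[i:i + 8]:
            byte = (byte << 1) | b
        out.append(byte)
    return bytes(out)

def sender_step(state, pending):
    # Write 1x only once the receiver has asked for a bit (state is 00).
    if pending and not state.value & CLOCK:
        state.write(CLOCK | pending.pop(0))

def receiver_step(state, received):
    # Take the bit when the clock flag is set, then write 00 to request the next.
    if state.value & CLOCK:
        received.append(state.value & DATA)
        state.write(0b00)

def transfer(message, seed=0):
    """Run both sides under a seeded random schedule; return (data, writes, steps)."""
    rng = random.Random(seed)
    state, pending, received = TwoBitState(), to_bits(message), []
    total, steps = len(pending), 0
    while len(received) < total:
        if rng.random() < 0.5:
            sender_step(state, pending)
        else:
            receiver_step(state, received)
        steps += 1
    return from_bits(received), state.writes, steps
```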
Apple M1 SoC has an unfixable bug -- but it's nothing to worry about
Posted on Thursday, May 27 2021 @ 15:52 CEST by Thomas De Maesschalck