Apple M1 vulnerability found

Spindel

Summary

A flaw in the design of the Apple Silicon “M1” chip allows any two applications running under an OS to covertly exchange data between them, without using memory, sockets, files, or any other normal operating system features. This works between processes running as different users and under different privilege levels, creating a covert channel for surreptitious data exchange.

 

Quotes

Quote

The ARM system register encoded as s3_5_c15_c10_1 is accessible from EL0, and contains two implemented bits that can be read or written (bits 0 and 1). This is a per-cluster register that can be simultaneously accessed by all cores in a cluster. This makes it a two-bit covert channel that any arbitrary process can use to exchange data with another cooperating process.

Quote

A malicious pair of cooperating processes may build a robust channel out of this two-bit state, by using a clock-and-data protocol (e.g. one side writes 1x to send data, the other side writes 00 to request the next bit). This allows the processes to exchange an arbitrary amount of data, bound only by CPU overhead. CPU core affinity APIs can be used to ensure that both processes are scheduled on the same CPU core cluster.

and lastly

Quote

So what's the real danger?

 

If you already have malware on your computer, that malware can communicate with other malware on your computer in an unexpected way.

Chances are it could communicate in plenty of expected ways anyway.

 

 

My thoughts

The last quote basically makes me go meh about this particular vulnerability. But it's still good that stuff like this gets highlighted.

 

Sources

https://m1racles.com
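The clock-and-data protocol quoted above, worked through as an added example (this is not code from the original post or from the m1racles.com write-up). Both ends of the two-bit channel are implemented; a process-wide atomic stands in for the per-cluster register s3_5_c15_c10_1 so the protocol runs on any machine. On real M1 hardware the two accessor functions would be mrs/msr on that register, and the two sides would be separate processes pinned to the same core cluster rather than two threads. The function names (reg_read, send_bit, roundtrip_ok and so on) and the sample message are my own assumptions.

```c
/*
 * Added example: the M1RACLES clock-and-data protocol over a two-bit shared
 * state. `shared_reg` stands in for bits 1:0 of s3_5_c15_c10_1; on real
 * hardware reg_read/reg_write would be `mrs`/`msr` on that register.
 *
 * Encoding, as described in the quoted text:
 *   sender   writes 1x  -> bit 1 = "data valid" clock, bit 0 = the data bit
 *   receiver writes 00  -> "send me the next bit"
 */
#define _POSIX_C_SOURCE 200809L
#include <pthread.h>
#include <sched.h>
#include <stdatomic.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

static atomic_uint shared_reg = 0;   /* stand-in for s3_5_c15_c10_1[1:0] */

static uint8_t reg_read(void)
{
    return (uint8_t)(atomic_load_explicit(&shared_reg, memory_order_acquire) & 3u);
}

static void reg_write(uint8_t v)
{
    atomic_store_explicit(&shared_reg, v & 3u, memory_order_release);
}

/* Sender: wait until the receiver has cleared the register (00),
 * then publish one bit as 1x. */
static void send_bit(int bit)
{
    while (reg_read() != 0x0)
        sched_yield();                       /* real code would just spin */
    reg_write((uint8_t)(0x2 | (bit & 1)));
}

/* Receiver: wait for the clock bit (bit 1), latch the data bit (bit 0),
 * then write 00 to request the next bit. */
static int recv_bit(void)
{
    uint8_t v;
    while (((v = reg_read()) & 0x2) == 0)
        sched_yield();
    reg_write(0x0);
    return v & 1;
}

/* Bytes go MSB first; the terminating NUL is sent too so the receiver
 * knows where the message ends. */
static void send_string(const char *s)
{
    size_t n = strlen(s) + 1;
    for (size_t i = 0; i < n; i++)
        for (int b = 7; b >= 0; b--)
            send_bit(((unsigned char)s[i] >> b) & 1);
}

/* Returns the number of payload bytes received (excluding the NUL). */
static size_t recv_string(char *out, size_t cap)
{
    size_t n = 0;
    for (;;) {
        int c = 0;
        for (int b = 0; b < 8; b++)
            c = (c << 1) | recv_bit();
        if (n < cap)
            out[n] = (char)c;
        if (c == 0)
            break;
        n++;
    }
    if (cap)
        out[n < cap ? n : cap - 1] = '\0';
    return n;
}

static void *sender_thread(void *arg)
{
    send_string((const char *)arg);
    return NULL;
}

/* Push one message through the channel; 1 if the receiver got exactly
 * what the sender put in, 0 otherwise. */
static int roundtrip_ok(const char *msg)
{
    char got[256];
    pthread_t t;

    reg_write(0x0);                          /* channel idle */
    if (pthread_create(&t, NULL, sender_thread, (void *)msg) != 0)
        return 0;
    size_t n = recv_string(got, sizeof got);
    pthread_join(t, NULL);
    return n == strlen(msg) && strcmp(got, msg) == 0;
}

int main(void)
{
    /* Constructed sample message, not data from the original write-up. */
    const char *msg = "covert hello";
    printf("roundtrip %s\n", roundtrip_ok(msg) ? "ok" : "FAILED");
    return 0;
}
```

The handshake is what turns two bits of shared state into a channel of arbitrary length: each bit costs one write by each side plus the polling in between, which is why the write-up says the throughput is bounded only by CPU overhead. Pinning both ends to the same cluster (affinity APIs on real hardware) matters because the register is per-cluster; the stand-in atomic is visible to every core, so the example does not need it.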

I played around with the M1 MacBook Air at Costco and it was quite impressive.  They're selling it for $899 which is a little cheaper than other stores.  If it had 16GB of RAM and 1TB storage I'd have one by now.

9 minutes ago, WolframaticAlpha said:

I'd love to see the reactions of the people who were trashing on x86 for having vulnerabilities.

There are people who think ARM is invulnerable?

3 minutes ago, Doug_Dangger said:

I played around with the M1 MacBook Air at Costco and it was quite impressive.  They're selling it for $899 which is a little cheaper than other stores.  If it had 16GB of RAM and 1TB storage I'd have one by now.

The M1 is damn impressive. Such an insignificant vulnerability won't really prevent someone from getting an M1 machine.

1 minute ago, Den-Fi said:

There are people who think ARM is invulnerable?

YES! They have been brainwashed

2 minutes ago, WolframaticAlpha said:

The M1 is damn impressive. Such an insignificant vulnerability won't really prevent someone from getting an M1 machine.

YES! They have been brainwashed

That's.... something. People really will fanboy anything.

7 minutes ago, Den-Fi said:

That's.... something. People really will fanboy anything.

Relevant video, especially in the tech community. 

54 minutes ago, Den-Fi said:

That's.... something. People really will fanboy anything.

Is admiration for a piece of technology fanboyism? To me, being a fanboy is blatant astroturfing. 🤷‍♂️

 

That said, while the M1 is impressive, I have no desire to ever purchase anything from Apple other than the iPhone.


1 minute ago, StDragon said:

Is admiration for a piece of technology fanboyism?

No.

3 minutes ago, LAwLz said:

I haven't seen anyone say Arm is invulnerable to exploits. I think that's probably Wolframatic making a strawman argument or projecting.

Oh I know.

I was keeping that to myself lol.

2 hours ago, WolframaticAlpha said:

I'd love to see the reactions of the people who were trashing on x86 for having vulnerabilities.

This is a much less dangerous vulnerability than Spectre or Meltdown. It requires two processes which want to communicate with each other via a covert channel. Meltdown and Spectre on the other hand allow the attacker to read the memory of a (possibly privileged) process which doesn't want to communicate with the attacker.

2 hours ago, ScratchCat said:

This is a much less dangerous vulnerability than Spectre or Meltdown. It requires two processes which want to communicate with each other via a covert channel. Meltdown and Spectre on the other hand allow the attacker to read the memory of a (possibly privileged) process which doesn't want to communicate with the attacker.

Since everything is "hackable" and has security holes that we don't even know about, I believe the real question is: how are those vulnerabilities exploited? If there's a vulnerability that requires physical access to the machine to be used, then I think you've got more security problems than the vulnerability itself. But if such a design issue can be used and executed remotely, then it becomes a large problem.

1 minute ago, gabrielcarvfer said:

It probably can't be accessed with webassembly/javascript, so it shouldn't be as bad.

Keep in mind modern consoles get cracked open through the browser.....

16 minutes ago, jagdtigger said:

That was quick.....

I mean, there have been a few other M1 focused exploits. Not the first one by any means. 

 

15 minutes ago, gabrielcarvfer said:

It probably can't be accessed with webassembly/javascript, so it shouldn't be as bad.

I agree with this. If Apple hasn't already patched this in macOS 11.4, there should be a patch on the way with 11.5 coming soon.

Thaaaaaaat's it! I've had it with this new fangled "technology" spewing data all over the place like a 2 dolla hooker.

I'm going back to my PDP-11!

5 minutes ago, Radium_Angel said:

Thaaaaaaat's it! I've had it with this new fangled "technology" spewing data all over the place like a 2 dolla hooker.

I'm going back to my PDP-11!

Too new. You gotta go back to punch cards if you want to be safe - you can't remotely connect to a piece of paper!

10 minutes ago, FakeKGB said:

Too new. You gotta go back to punch cards if you want to be safe - you can't remotely connect to a piece of paper!

Don't tempt me!

I swear to you I wi.....&*%(*&FD*&%daaaf (NO CARRIER)

46 minutes ago, Science Officer Spock said:

I agree with this. If Apple hasn't already patched this in macOS 11.4, there should be a patch on the way with 11.5 coming soon.

Doubt Apple can fix this

Quote

The only mitigation available to users is to run your entire OS as a VM.


But also to make it clear

Quote

So what's the real danger?

 

If you already have malware on your computer, that malware can communicate with other malware on your computer in an unexpected way.

Chances are it could communicate in plenty of expected ways anyway.

 

42 minutes ago, Spindel said:

Doubt Apple can fix this


But also to make it clear

 

Spectre also can't be fully patched on older Intel chips, but there are/were mitigations in an attempt to secure devices.

Is there going to be a performance hit for a patch or fix?

7 hours ago, WolframaticAlpha said:

I'd love to see the reactions of the people who were trashing on x86 for having vulnerabilities.

The most likely use of this vulnerability is to rickroll people.

7 hours ago, Spindel said:

The last quote basically makes me go meh about this particular vulnerability. But it's still good that stuff like this gets highlighted.

Also, unless I'm wrong, the data rate would be rather slow too.

 

The most useful use case I can think of would be around avoiding AV detection, but at some point you would actually have to interact with the rest of the system, and then it would get pinged.

19 minutes ago, gabrielcarvfer said:

Doesn't seem to be the case. Their demo is literally streaming a video from a process to another using only that.

Damn, well I guess at a high enough clock rate single bits of data equates to a reasonably high data rate.
