Apple’s new M1 The CPU has a bug that creates a hidden path that two or more problematic programs – which are already broken – can be used to send each other messages, the manufacturer found.
Confidential communication can take place without the use of computer memory, holes, files, or any other user interface, the manufacturer Hector Martin He said. The method is able to integrate the processes that different users experience and in different ways. These features allow the software to exchange data in an anonymous way or without special tools.
Martin said the error was not serious because it could not be used to infect a Mac and may not be used by any malware or malware to steal or tamper with what is stored on the machine. Instead, the error can be misused by two or more apps that were already installed on the Mac via methods not compatible with the M1 error.
However, the virus, which Martin calls M1racles, fulfills the technical meaning of a risk. As such, it has come with its own name at risk: CVE-2021-30747.
“It violates the OS’s security type,” Martin explained in message published Wednesday. “You don’t have to send data from one channel to another in secret. And even if you have no problem with that, you don’t have to write CPU-type scripts from users either.”
Some researchers with expertise in CPU and other silicon-based security agree with this.
“The piece that was found can’t be used to explain much about what can be used on a machine,” said Michael Schwartz, one of the researchers who helped find the most complex. Melted and Specter Defects in Intel, AMD, and ARM CPUs. “It can be used as a means of communication between two bad (bad) jobs.”
He goes on to explain:
The risk is similar to an anonymous “mailbox”, which allows the two apps to send each other messages. This seems to be more or less the case in some professions, and there is no better way to protect yourself. However, since no other application is using the “mailbox”, no data or metadata of other functions are output. For this reason there are limits, which can be used as a connection method between two programs running on macOS. However, there are already many ways to use connections (files, pipes, holes, …), that one-way is not a security breach. However, it is a virus that can be misused as an unplanned communication method, which is why I think it is better to call it risk.
Hiding can be especially useful on iPhones, Martin said, as it can be used beyond the sandboxing of iOS apps. Under normal circumstances, a malicious software program has no way of launching a printer because such programs do not have internet access. The concealed container protects this security by sending the printer to another malicious program, which can be sent online.
Even so, the possibility of the two apps being able to further Apple’s monitoring and implementation on the devices they are monitoring is unlikely.
The error stems from a single-party registry in ARM CPUs that are available with Send, a type that is reserved for users and thus has a lower functionality. In this account there are two bits that can be read or written. This creates a cover-up, as the registry can be accessed simultaneously with all the cores in the screen.
Martin wrote:
The two compatible methods can create a solid path from the two parts, using a clock and data (for example, one side writes 1x to send data, the other side writes 00 to request the next part). This allows the system to adjust the amount of information, bound by the CPU on top of it. Intimate CPU adjacent CPUs can be used to ensure that both paths are configured in a single CPU group. PoC indicator for this method to achieve maximum speed, strong transfer is available Pano. This method, without much optimization, can achieve prices greater than 1MB / s (less data deletion).
