Apple’s M1 chip has a vulnerability that can’t be patched without silicon patch, according to developer Hector Martin. The flaw allows for a covert channel that allows two malicious apps to talk to each other. However, unless your system is compromised by exploiting vulnerabilities or malware by other means. “Secret channels are completely useless,” Martin wrote in the first discovered blog post. As Technical Technician.
This vulnerability is harmless in itself. Because malware can’t use this vulnerability to steal or interfere with data residing on a Mac, however, “it violates the operating system’s security model,” Martin said. a secret process And although in this case it is not dangerous. You shouldn̵7;t write to random CPU systems registered from the user space either.”
without special equipment It can’t be detected when apps communicate through a covert channel, for example. As Technical Technician Note Such under-the-radar connections do not require an operating system feature. System memory, sockets, or files to work Apps can use covert channels to communicate. Even if they are used in different user profiles or with separate permission levels.
Martin suggests that the M1 (or another chip that enables passive tunneling) can be used in iPhones. This type of communication may have a greater impact on those devices. keyboard app on ios without internet Therefore, your information cannot be sent. In theory, a malicious person can send your button presses to another app through a secret channel. And then your data will be shared with the bad guys.
The hidden channel also allows apps to bypass cross-app tracking restrictions in iOS 14.5. However, as As Technical Technician pointed out that Apple had to approve two malicious apps. And the user must install both apps. So the chances of this happening are quite low.
The only way to prevent the passive tunneling from running on the M1 machine is to run your operating system as a virtual machine. which has a huge impact on performance Since there is a small chance that a passive tunnel will harm your Mac and a performance compromise, it might not be worth it to use macOS in a VM. Plus, you’ll have bigger fish to fry if your system is infected with malware. at least two pieces even if they don’t communicate with each other
Engadget has contacted Apple for comment.
All products recommended by Engadget are handpicked by our editorial team. independent of our parent company Some of our stories have affiliate links. If you bought something through one of these links: We may earn affiliate commissions.