M1-powered iPad Pro, MacBook, and iMac may have a security flaw that Apple cannot fix easily
A developer claims to have found a security flaw in the latest M1-powered iPad Pro, iMac, MacBook Pro, MacBook Air, and Mac mini that Apple cannot fix without a new chip revision. Hector Martin, who is known for porting Linux to a range of devices, has written an extensive article describing a vulnerability in the M1 chip that Apple launched ambitiously last year in a bid to outstrip Intel's processors. The flaw lies in the hardware itself, which is why it cannot be fully closed with a software update. If Martin is correct, only a silicon revision can remove it.
In his findings, Martin noted that the M1 violates a requirement of the Arm architecture specification, and that there is nothing Apple can do about it short of a do-over of the chip. The flaw is concerning because it lets two apps on an M1-powered device exchange data without going through any normal operating system mechanism such as shared memory, sockets, or files, so the OS has no way to see or block the traffic. “This works between processes running as different users and under different privilege levels, creating a covert channel for surreptitious data exchange,” Martin wrote.
The vulnerability does not by itself pose a direct threat, such as enabling a malware infection, to Apple's M1-powered devices. A covert channel only carries data between two parties that both cooperate in using it, so an attacker cannot use it to break into an app or a system that is not already under their control. What it can do is serve as a hidden channel for transferring information, which could be used for cross-app tracking by advertisers whose apps all contain the same tracking code. Martin has said the flaw cannot be leveraged by attackers to inject malware into, or steal user information from, devices running the M1 processor.
However, malware that is already on your machine could use it to communicate with other apps in an “unexpected way,” for example to coordinate between components that the operating system would otherwise keep isolated. The full ramifications of that are not clear right now. The flaw effectively creates a covert channel on all M1-powered devices, including the latest iPad Pro and the iMac, but, according to Martin, “covert channels are completely useless unless your system is already compromised.”
While that is both good news and a relief, a flaw is still a flaw, and the worst part is that no software update can fully fix it, at least not at this point. It does give advertisers an open window to surreptitiously track users across apps, though Apple may catch such apps during App Store review if they were distributed through the App Store on iPad or Mac.
Martin does describe a workaround. According to him, running the entire operating system inside a virtual machine (VM) removes the channel, because a correctly implemented hypervisor, the software that runs and manages virtual machines, denies guest access to the affected hardware feature by default. Setting up a VM is a tedious process, however, and not everyone has the required know-how, which is why the onus of mitigating this flaw lies with Apple.
In his report, Martin says he told Apple about the issue 90 days before disclosing it publicly on his own website. He also says he has no information about Apple's plans regarding this M1-related vulnerability.