The developer Asahi Linux Hector Martin found a critical vulnerability in the Apple M1 chipset, which M1Racles called (English – Wonders). He noted that the vulnerability was the result of a solution consciously accepted by Apple. According to him, the company decided to violate the ARM specifications, deleting one of the mandatory functions. Apple obviously believed that this component would never need MacOS.
Martin said that the disadvantage in the design of the M1 chip allows any two applications running in the OS, secretly exchange absolutely any data, without using memory, sockets, files, or any other familiar attributes. Vulnerability works with processes running on behalf of different users, with different levels of privileges, creating a hidden channel for secret data exchange. The developer focuses on the fact that the vulnerability is due to the hardware features of the chip and cannot be corrected programmatically.
Nevertheless, Martin reassured computers on the basis of the CAIP M1 in that the data width of the data exchange does not exceed two bits. It can be expanded to 1 MB / s, but any malicious applications that can implement such a method with a much greater probability will use other channels in order to share the data. Of course, this is a real shortcoming security, but it is hardly a threat to Apple customers. In any case, so far.
Martin admitted that vulnerability, although real, is not terrible at all, and he simply decided to “hayput” at the most recent information security theme. He created a website dedicated vulnerability, came up with a memorable name for her and even painted a logo. However, the developer itself says that the fact that the vulnerabilities have a website on which the news regularly does not mean that it represents a real threat. He noted that his words concern not only M1RACLES, but also many other vulnerabilities, the danger of which is overstated due to excessive hype in the media.