Apple M1 Vulnerability Can Only Be Fixed By Changing Hardware Architecture

M1 Macs

Apple’s new M1 chip has a security hole that can only be remedied by changing the hardware architecture. The discoverer of the problem does not use his find to point a finger at Apple but at the security industry.

Hector Martin, who actually works as a Linux developer, took an example from various other security researchers recently. He gave the bug he found an eye-catching name, designed a stylish logo, and dedicated a website to the vulnerability. Much like security problems like Heartbleed, Meltdown, and Specter.

However, he rather wants to joke about marketing in the security industry. From his point of view, many security researchers are increasingly concerned with generating fame and marketing effects instead of solving a problem with factual information. The latter would work better with a focus on the CVE database entries and sober information transfer to those affected, says Martin.

To illustrate the absurdity of the latest trend, he has exaggerated it a little. He named the security hole he found M1RACLES and dedicated its logo and website. This creates the impression that you are dealing with a rather serious problem.

The Sercurity Bug Is Real

The thing shouldn’t be misunderstood: there is actually a flaw in Apple’s new M1 chips that can cause some problems. Because when developing the new SoCs, the computer company switched off a feature in the ARM architectures that were not required for macOS and thereby caused the bug in the first place.

The vulnerability enables two applications to exchange data directly between their CPU processes – regardless of which user and with which rights they are running. This avoids the detour via the controlled paths that the operating system makes available with the working and permanent memory.