Apple’s M1 chip According to developer Hector Martin, the vulnerability has a vulnerability that cannot be fixed by chip revision. The vulnerability allows a secret channel, allowing two malicious applications to communicate with each other. However, unless your system is compromised by other ways of exploiting or malicious software, “secret channels are completely useless”, Martin Wrote in a blog post First discovered Technology studio.
According to the developer, the vulnerability itself is harmless because malware cannot use it to steal or interfere On mac. However, Martin said: “It violates the security model of the operating system.” “You should not be able to secretly send data from one process to another. Even in this case, it is harmless, and you should not be able to User space writes random CPU system registers.”
Without dedicated equipment, it is impossible to detect when apps communicate with each other through secret channels, because Technology studio notes. This kind of connection under the radar does not require operating system functions, system memory, sockets or files to run. Even if applications are running on different user profiles or separate privilege levels, they can communicate using secret channels.
Martin suggested that if M1 (or another chip that supports covert channels) is used in the iPhone, this communication method may have a greater impact on these devices. The keyboard app on iOS cannot access the internet, so it cannot transmit your input. In theory, a malicious user can send your keystrokes to another application through a secret channel, and then your input can be shared with bad actors.
Secret channels can also allow apps to bypass Cross-app tracking limitations in iOS 14.5.But due to Technology studio Pointed out that Apple must approve two malicious applications, and users must install two malicious software, so the chance of this happening seems very small.
The only way to prevent the secret channel from running on the M1 machine is to run the operating system as a virtual machine, which can severely affect performance. Considering that covert channels are harmful to your Mac and the possibility of performance compromises is small, choosing to run macOS in a VM may not be worth it. In addition, if your system has at least two malware, even if they cannot communicate with each other, you will have bigger fry to blow up.
Apple declined to comment on Engadget.
All products recommended by Engadget are selected by our editorial team, independent of our parent company. Some of our stories include affiliate links. If you purchase goods through one of these links, we may receive a membership commission.