The M1 chips developed by Apple suffer from a security flaw. Called M1RACLES by the developer who discovered it, the breach allows two applications to communicate and exchange data without going through a macOS function. The researcher believes that the flaw is not very dangerous and should not be corrected by Apple.
–
Hector Martin, developer and researcher in computer security, discovered a security flaw in the architecture of ARM processors designed by Apple Silicon, the famous M1 chips. Entitled M1RACLES, for “M1ssing Register Access Controls Leak EL0 State”, the breach concerns all devices powered by an M1 processor, such as the iMac 2021, the iPad Pro 2021, the latest MacBook Air and MacBook Pro.
“A flaw in the design of the Apple Silicon M1 chip allows any two applications running an operating system to secretly exchange data with each other, without using memory, sockets, files or other normal functionality of the system. operating system” Hector Martin explains on the website posted about the flaw.
A security flaw that Apple shouldn’t fix
If the researcher admits that the severity of the flaw remains moderate, he concedes that it could theoretically allow two malicious software, already present on the machine, to exchange data without triggering an alert. Additionally, the flaw could allow an attacker to “Bypass some of the most stringent privacy protections” within Apple software.
Nevertheless, Hector Martin suggests that the breach is of very limited danger. Using it alone cannot really put Apple computers at risk. As a precaution, the developer contacted the Cupertino company to inform it of its discovery.
On the same subject: the jailbreak with Checkra1n is now compatible with iOS 14.5 and Mac M1
The researcher notes that it is impossible for Apple to correct the breach with changes in the software of its operating system. Apple must imperatively intervene in the hardware of the chip. For now, there is no indication that Apple intends to correct this failure on the next chips of its own, the M2 processors. As the developer points out, there is no real cause for concern.
–