A bug in the design of the Apple Silicon M1 processor is baked in but how serious is it?

The bug “allows any two applications running under an OS to covertly exchange data between them,” a report said (via The Register).

The report goes on to say that the vulnerability is “baked into Apple Silicon chips” and “cannot be fixed without a new silicon revision.”

Other highlights from Hector Martin, founder and project lead of Ashai Linux, who wrote about the bug include:

How was this bug disclosed?

“I e-mailed [email protected]. They acknowledged the vulnerability and assigned it CVE-2021-30747. I published this disclosure 90 days after the initial disclosure to Apple,” Martin says.

(All questions and quotes are excerpts from Martin’s post.)

Should you be worried?

“Probably not.”

Are you affected?

“Probably...macOS users: At least versions 11.0 and onwards are affected.”

Can malware use this vulnerability to take over your computer?

“No.”

Can malware use this vulnerability to steal private information?

“No.”

So what's the real danger?

“If you already have malware on your computer, that malware can communicate with other malware on your computer in an unexpected way. Chances are it could communicate in plenty of expected ways anyway.”

But is this really dangerous?

“Really, nobody's going to actually find a nefarious use for this flaw in practical circumstances. Besides, there are already a million side channels you can use...on every system. Covert channels can't leak data from uncooperative apps or systems.”

“Actually, that one's worth repeating: Covert channels are completely useless unless your system is already compromised.”

Summary: a note on errata

All chips have bugs, like the one described above, called “errata” but you typically don’t hear about them. Occasionally, some make it into the news like Intel’s notorious Pentium FDIV bug. But generally they remain either uninteresting (i.e., not pernicious) or are handled by chipmakers without disclosing them to the public.

See this very long list of errata (PDF) on an Intel processor as reference.

If Martin hadn’t uncovered this bug and written about it, you would be blissfully unaware of it. Just like other errata you’ve never heard about. Whether you should be aware of errata is another question.

I queried Apple and Hector Martin. Apple had no comment. I have yet to hear back from Hector Martin.

——

NOTES:

*Full “executive summary” from report: “A flaw in the design of the Apple Silicon ‘M1’ chip allows any two applications running under an OS to covertly exchange data between them, without using memory, sockets, files, or any other normal operating system features. This works between processes running as different users and under different privilege levels, creating a covert channel for surreptitious data exchange.”

Comments can be sent via direct message to “twitter.com/mbrookec”