Apple M1 chips contain a security bug that is next to impossible to fix

But don’t sweat, it really can’t be used to do any real harm

When you purchase through links on our site, we may earn an affiliate commission.Here’s how it works.

Apple’s indigenously-developedArm-based M1chip suffers from a covert-channel vulnerability, unearthed byLinuxdeveloper Hector Martin.

Martin unearthed the vulnerability, dubbed M1RACLES, while working on theAsahi Linuxproject to port Linux to run on the Apple M1.

Martin has created a website to share details about the vulnerability. But, while the executive summary of the bug makes this bug appear like it is a significant one, Martin clarifies that it doesn’t pose any threat at all.

We’re looking at how our readers use VPN for a forthcoming in-depth report. We’d love to hear your thoughts in the survey below. It won’t take more than 60 seconds of your time.

Click here to start the survey in a new window«

“Really, nobody’s going to actually find a nefarious use for this flaw in practical circumstances….Covert channels can’t leak data fromuncooperativeapps or systems,” explains Martin in a FAQ on the vulnerability.

Nuisance value

Nuisance value

Martin explains that the vulnerability was the result of a conscious decision on Apple’s part who he argues decided to break theArmspec by removing a mandatory feature, since they’d never need to use that feature for macOS.

Although there’s very little that can be achieved by exploiting this vulnerability, he says he flagged it because it violates the OS security model.

“You’re not supposed to be able to send data from one process to another secretly,” he reasons.

Are you a pro? Subscribe to our newsletter

Are you a pro? Subscribe to our newsletter

Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!

Martin says that Apple will have to make a change on the silicon level to the M1 to mitigate this flaw. He suggests that the bug can be mitigated invirtual machines (VM), since the register still responds to VM-related access controls, but again adds that users should worry about other prevalent security issues likemalware, rather than the M1RACLES bug.

TechRadarProhas contacted Apple for comment.

ViaThe Register

With almost two decades of writing and reporting on Linux, Mayank Sharma would like everyone to think he’sTechRadar Pro’sexpert on the topic. Of course, he’s just as interested in other computing topics, particularly cybersecurity, cloud, containers, and coding.

Washington state court systems taken offline following cyberattack

Is it still worth using Proton VPN Free?

7 myths about email security everyone should stop believing