Apple M1 chips reveal the first bug named M1RACLES

Asahi Linux software engineer Hector Martin discovered a bug in Apple M1 chips that cannot be fixed without a redesign of the silicon.

Fortunately, even the researcher himself considers exploitation of this flaw, named M1RACLES (M1ssing Register Access Controls Leak EL0 State) and tracked as CVE-2021-30747, unlikely, and regards the vulnerability itself as almost insignificant.

Martin says that the bug allows two applications running on the same device to communicate with each other over a covert channel at the CPU level, without using memory, sockets, files or any other normal operating system facility. According to the researcher, the problem is the result of an ordinary human mistake in the chip's design.

Although the vulnerability is interesting in its own right, since finding such a hardware bug took a high level of knowledge and experience, Martin stresses that it is of no practical use to attackers.

In the FAQ on the vulnerability's official website, the researcher writes that the problem cannot be used by malware to hijack the device or to steal data, and that ordinary users have nothing to worry about. An excerpt from that FAQ:

Can malware use this vulnerability to take over my computer?
Can malware use this vulnerability to steal my private information?
Can malware use this vulnerability to rickroll me?
Yes. I mean, it could also rickroll you without using it.
Can this be exploited from JavaScript on a website?
Can this be exploited from Java apps?
Wait, people still use Java?
Can this be exploited from Flash applets?
Please stop.
Can I catch BadBIOS from this vulnerability?
Wait, is this even real?
It is.
So what’s the real danger?
If you already have malware on your computer, that malware can communicate with other malware on your computer in an unexpected way.
Chances are it could communicate in plenty of expected ways anyway.
What about APTs?
They have better exploits anyway. They don’t care.
So you’re telling me I shouldn’t worry?

The only realistic way to exploit the bug, according to Martin, would be for shady advertising companies to abuse applications they have already installed on the user's device.

In theory, cross-app tracking could be implemented this way, but the advertising industry already has many more reliable data collection methods, so M1RACLES is unlikely to interest anyone for that purpose.

Martin writes that he notified Apple of his find, but the company has not yet said whether it plans to fix the bug in future versions of the M1 chips.

As a reminder, we have previously reported that an IS researcher published a jailbreak for all iOS devices with chips from the A5 to the A11, and that jailbreakers claim to have learned how to hack Apple T2 chips.

Daniel Zimmermann

Daniel Zimmermann has been writing on security and malware subjects for many years and has been working in the security industry for over 10 years. Daniel was educated at the Saarland University in Saarbrücken, Germany and currently lives in New York.
