A developer and security researcher discovered a new kind of gap in Apple’s new ARM-based silicon chips. This allows malware applications to communicate with each other in a hidden manner, which should not be technically possible. So-called covert channel technology is used here.
From Hector Martin They discovered the problem, and who even participated in Transfer from Linux to ARM Macs It works, works from process to process and allows information to be passed even if it is executed by different users with different access rights. According to Martin, no memory areas, sockets, files, or other operating system functions are used.
M1 miracle
Martin Gap Baptized as “M1racles” Not a practical security risk Reason: The malware used by M1racles can only communicate between programs that are already installed, but it cannot steal or change other data on the computer. However, the OS’s security paradigm will be broken, so Martin. This actually does not allow for the secret exchange of process data. These transfers can only be detected using special technology.
M1racles don’t come close to serious processor vulnerabilities like Specter or Meltdown, which affect x86 processors. To the contrary, commented Michael Schwartz, one of the discoverers of the two holes Ars TechnicaRemember the error To an anonymous mailbox. This remains hidden from other apps and cannot be prevented efficiently.
More dangerous on iOS
However, this does not lead to data or metadata leakage from other applications. Because there are so many ways applications can connect, this additional pathway is not suitable for a truly negative impact on security. “It is still correct to call it a weakness.” This vulnerability may be more dangerous in iOS apps, which are usually strictly separated from each other by sandbox mode.
The M1racles error is due to a problem in the system registry for each group of ARM CPUs. This in EL0-mode Can reach. Two bits can then be read and written, which forms the secret channel.
(Bachelor)
“Reader. Organizer. Infuriatingly humble twitter expert. Certified communicator.”
More Stories
Gollum will debut in 2022. The creators calm the waiting fans
Pixel 7 & Pixel 7 Pro: Google announced new smartphones – all that is already known (Gallery)
Sonic Frontiers will be a hit. SEGA aims to get very high ratings from reviewers