Covert channel in Apple’s M1 is mostly harmless, but it sure is interesting

Logo for Apple's M1 line.

Enlarge (credit: Apple)

Hector Martin said. The channel can bridge processes running as different users and under different privilege levels. These characteristics allow for the apps to exchange data in a way that can’t be detected—or at least without specialized equipment.

Technically, it’s a vulnerability but…

Martin said that the flaw is mainly harmless because it can’t be used to infect a Mac and it can’t be used by exploits or malware to steal or tamper with data stored on a machine. Rather, the flaw can be abused only by two or more malicious apps that have already been installed on a Mac through means unrelated to the M1 flaw.

Read 14 remaining paragraphs | Comments