M1RACLES: Apple M1 Exposed To Covert Channel Vulnerability

  • M1RACLES: Apple M1 Exposed To Covert Channel Vulnerability

    Phoronix: M1RACLES: Apple M1 Exposed To Covert Channel Vulnerability

    Apple's shiny new in-house M1 Arm chip is the latest processor challenged by a security vulnerability. The "M1RACLES" vulnerability was made public today as a covert channel vulnerability whereby a mysterious register could lead EL0 state...

  • #2
    Proof that security through obscurity isn't the right thing.
    It apparently works, but one day... these vulnerabilities are found and the security strategy is shattered. (Not even Phoronix is safe from Touhou)


    • #3
      Hm, it's not THAT bad but on the other hand it's also pretty bad.


      • #4
        Originally posted by sandy8925
        Hm, it's not THAT bad but on the other hand it's also pretty bad.
        No, it's not THAT bad, but the fact that it exists can raise some concerns about other possible vulnerabilities.
        Unfortunately, the CPU/RAM situation, from any vendor, is quite far from being decent at the moment.


        • #5
          Curious summary from their website:


          Aren't bugs like this rare and critical?
          No, all CPUs have silly errata like this, you just don't hear about it most of the time. Some vendors even occasionally hide some of these errata and don't disclose them properly, because it makes them look bad. I hear some of them rhyme with “doorbell”.

          But I've only heard about Spectre and Meltdown and...?
          Because those are the ones that the discoverers chose to hype up. To be fair, those were kind of bad.

          So what's the point of this website?
          Poking fun at how ridiculous infosec clickbait vulnerability reporting has become lately. Just because it has a flashy website or it makes the news doesn't mean you need to care.

          If you've read all the way to here, congratulations! You're one of the rare people who doesn't just retweet based on the page title :-)

          But how are journalists supposed to know which bugs are bad and which bugs aren't?
          Talk to people. In particular, talk to people other than the people who discovered the bug. The latter may or may not be honest about the real impact.

          If you hear the words “covert channel”... it's probably overhyped. Most of these come from paper mills who are endlessly recycling the same concept with approximately zero practical security impact. The titles are usually clickbait, and sometimes downright deceptive.

          I came here from a news site and they didn't tell me any of this at all!
          Then perhaps you should stop reading that news site, just like they stopped reading this site after the first 2 paragraphs.


          • #6
            allows any two applications running under an OS to covertly exchange data between them, without using memory, sockets, files, or any other normal operating system features.
            Efficient message passing implemented in the CPU? That's nice, could be the CPU for microkernel operating systems.


            • #7
              So the Apple has worms. Do we cut the worm out or throw away the Apple?


              • #8
                Originally posted by oleid

                Efficient message passing implemented in the CPU? That's nice, could be the CPU for microkernel operating systems.
                Only if you call transfer rates of over 1 MB/s with a lot of CPU overhead (write 1 bit, check if it is unset, do it again) efficient.
                In general a nice idea, but I think for a lot of data, with local sockets it would be a lot faster.
                I think it only makes sense with very very little data.


                • #9
                  If one did this exploit on a liquid nitrogen overclocked M1 they'd have M1RACLES ON ICE.


                  • #10
                    From their website (which seems to joke a lot, I like it):

                    So what's the real danger?

                    If you already have malware on your computer, that malware can communicate with other malware on your computer in an unexpected way.
                    Chances are it could communicate in plenty of expected ways anyway.
