M1RACLES: Apple M1 Exposed To Covert Channel Vulnerability

Written by Michael Larabel in Linux Security on 26 May 2021 at 05:40 AM EDT. 26 Comments
Apple's shiny new in-house M1 Arm chip is the latest processor challenged by a security vulnerability. The "M1RACLES" vulnerability was made public today as a covert channel vulnerability by where a mysterious register could leak EL0 state.

The M1RACLES vulnerability is assigned as CVE-2021-30747. This vulnerability is summed up as, "A flaw in the design of the Apple Silicon “M1” chip allows any two applications running under an OS to covertly exchange data between them, without using memory, sockets, files, or any other normal operating system features. This works between processes running as different users and under different privilege levels, creating a covert channel for surreptitious data exchange...The ARM system register encoded as s3_5_c15_c10_1 is accessible from EL0, and contains two implemented bits that can be read or written (bits 0 and 1). This is a per-cluster register that can be simultaneously accessed by all cores in a cluster. This makes it a two-bit covert channel that any arbitrary process can use to exchange data with another cooperating process."

As with most CPU vulnerabilities these days, there is a demo video and shiny website at m1racles.com outlining this find plus proof-of-concept demo code.

As this deals with a CPU register, the vulnerability is there regardless of using Apple macOS or the new M1 support in the Linux kernel or other operating systems.

For the moment the only workaround/mitigation is running your software within a virtual machine where hypervisors currently disable access by the VM to the s3_5_c15_c10_1 register.

This vulnerability was discovered by the Asahi Linux crew as part of the bring-up of Linux on the Apple Silicon hardware.
Related News
About The Author
Michael Larabel

Michael Larabel is the principal author of Phoronix.com and founded the site in 2004 with a focus on enriching the Linux hardware experience. Michael has written more than 20,000 articles covering the state of Linux hardware support, Linux performance, graphics drivers, and other topics. Michael is also the lead developer of the Phoronix Test Suite, Phoromatic, and OpenBenchmarking.org automated benchmarking software. He can be followed via Twitter, LinkedIn, or contacted via MichaelLarabel.com.

Popular News This Week