One feller's views on the state of everyday computer science & its application (and now, OTHER STUFF) who isn't rich enough to shell out for www.myfreakinfirst-andlast-name.com

Thursday, June 10, 2021

The m1racles M1 flaw is cool

From m1racles.com:

A flaw in the design of the Apple Silicon “M1” chip allows any two applications running under an OS to covertly exchange data between them, without using memory, sockets, files, or any other normal operating system features. This works between processes running as different users and under different privilege levels, creating a covert channel for surreptitious data exchange.
The vulnerability is baked into Apple Silicon chips, and cannot be fixed without a new silicon revision.
...
The ARM system register encoded as s3_5_c15_c10_1 is accessible from EL0, and contains two implemented bits that can be read or written (bits 0 and 1). This is a per-cluster register that can be simultaneously accessed by all cores in a cluster. This makes it a two-bit covert channel that any arbitrary process can use to exchange data with another cooperating process. A demo app to access this register is available here.... This approach, without much optimization, can achieve transfer rates of over 1MB/s (less with data redundancy).
The original purpose of this register is unknown, but it is not believed to have been made accessible to EL0 intentionally, thus making this a silicon erratum.
I love stuff like illegal opcodes. As the page's author says, "Someone in Apple's silicon design team made a boo-boo. It happens. Engineers are human." Every chip has mistakes. As long as it's not damaging, and this one doesn't seem to be, what's most interesting to me is how skillfully humans are able to find them. Easter egg hunting redux.
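The register-sharing trick the quoted m1racles text describes, as an added example that is neither the m1racles demo code nor anything from this post: a minimal C covert channel over s3_5_c15_c10_1. The request/acknowledge framing (bit 1 as REQ, bit 0 as DATA, one length byte first) is this example's own design, chosen so that neither side needs timing assumptions; it carries one payload bit per round trip and makes no attempt at the 1MB/s figure. The `mrs`/`msr` access is only compiled on Apple Silicon; elsewhere a global variable stands in for the register so the framing logic can be run and checked on any machine.

```c
/* Added example (not the m1racles demo): a two-bit covert channel over the
 * per-cluster register named in the quote, s3_5_c15_c10_1. The framing is
 * this example's own design, not the protocol behind the quoted 1MB/s figure:
 *   bit 1 (REQ)  sender raises it with a data bit; receiver clears it as the ack
 *   bit 0 (DATA) one payload bit per handshake, MSB first, a length byte leading
 * Off Apple Silicon a global stands in for the register so the logic still runs. */
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define REQ  0x2u
#define DATA 0x1u

#if defined(__aarch64__) && defined(__APPLE__)
static unsigned reg_read(void) {
    unsigned long long v;
    __asm__ volatile("mrs %0, s3_5_c15_c10_1" : "=r"(v));
    return (unsigned)(v & 3u);
}
static void reg_write(unsigned v) {
    unsigned long long x = v & 3u;
    __asm__ volatile("msr s3_5_c15_c10_1, %0" : : "r"(x));
}
#else
static volatile unsigned sim_reg;                    /* stand-in for the M1 register */
static unsigned reg_read(void) { return sim_reg & 3u; }
static void reg_write(unsigned v) { sim_reg = v & 3u; }
#endif

typedef struct { const unsigned char *buf; size_t len, byte; int bit, waiting_ack; } sender_t;
typedef struct { unsigned char *buf; size_t cap, byte; int bit, have_len; size_t len;
                 unsigned char cur; } receiver_t;

/* One sender action; returns 1 once every bit (length byte + payload) is acked. */
static int sender_step(sender_t *s) {
    if (s->byte > s->len) return 1;
    if (s->waiting_ack) {
        if (reg_read() & REQ) return 0;              /* receiver has not cleared REQ yet */
        s->waiting_ack = 0;
        if (++s->bit == 8) { s->bit = 0; s->byte++; }
        return s->byte > s->len;
    }
    unsigned char b = s->byte == 0 ? (unsigned char)s->len : s->buf[s->byte - 1];
    reg_write(REQ | ((b >> (7 - s->bit)) & DATA));   /* offer one bit */
    s->waiting_ack = 1;
    return 0;
}

/* One receiver action; returns 1 once the announced number of bytes is in buf. */
static int receiver_step(receiver_t *r) {
    if (r->have_len && r->byte >= r->len) return 1;
    unsigned v = reg_read();
    if (!(v & REQ)) return 0;                        /* nothing new offered */
    r->cur = (unsigned char)((r->cur << 1) | (v & DATA));
    reg_write(0);                                    /* ack: clear REQ (and DATA) */
    if (++r->bit < 8) return 0;
    r->bit = 0;
    if (!r->have_len) { r->have_len = 1; r->len = r->cur < r->cap ? r->cur : r->cap; }
    else r->buf[r->byte++] = r->cur;
    r->cur = 0;
    return r->byte >= r->len;
}

/* Drive both sides as interleaved state machines sharing the register, the way
 * two cooperating processes on one cluster would. Returns bytes received. */
size_t covert_transfer(const unsigned char *msg, size_t len,
                       unsigned char *out, size_t cap) {
    if (len > 255) len = 255;                        /* one length byte in this framing */
    sender_t s = { msg, len, 0, 0, 0 };
    receiver_t r = { out, cap, 0, 0, 0, 0, 0 };
    reg_write(0);
    for (long i = 0; i < 1000000; i++) {
        int sd = sender_step(&s);
        int rd = receiver_step(&r);
        if (sd && rd) break;
    }
    return r.byte;
}

int main(int argc, char **argv) {
#if defined(__aarch64__) && defined(__APPLE__)
    /* Real use: "./covert recv" in one terminal, then "./covert send <text>" in another.
     * The register is per cluster and macOS gives no core affinity, so the transfer
     * stalls if the two processes land on different clusters; just rerun it. */
    if (argc >= 3 && !strcmp(argv[1], "send")) {
        size_t n = strlen(argv[2]);
        sender_t s = { (const unsigned char *)argv[2], n > 255 ? 255 : n, 0, 0, 0 };
        while (!sender_step(&s)) ;
        return 0;
    }
    if (argc >= 2 && !strcmp(argv[1], "recv")) {
        unsigned char out[255];
        receiver_t r = { out, sizeof out, 0, 0, 0, 0, 0 };
        reg_write(0);
        while (!receiver_step(&r)) ;
        fwrite(out, 1, r.byte, stdout); putchar('\n');
        return 0;
    }
#endif
    (void)argc; (void)argv;
    unsigned char out[64];
    size_t n = covert_transfer((const unsigned char *)"m1racles", 8, out, sizeof out);
    printf("received %zu bytes: %.*s\n", n, (int)n, out);
    return 0;
}
```

Two points worth noticing when reading it. First, the handshake needs no OS primitive at all: the receiver flow-controls the sender by writing the same register, which is why the quote can say the channel uses no memory, sockets or files; the only thing an observer on the host sees is two processes burning CPU in tight loops. Second, the register is per cluster, so the two endpoints only see each other when scheduled on the same cluster; that is the practical caveat behind the "cooperating process" wording, and on macOS there is no affinity API to force it.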