https://www.wired.com/story/apples-m1-chip-has-fascinating-flaw/
Apple's M1 Chip Has a Fascinating Flaw

APPLE'S NEW M1 CPU has a flaw that creates a covert channel that two or
more malicious apps - already installed - can use to transmit information
to each other, a developer has found.

The surreptitious communication can occur without using computer memory, sockets, files, or any other operating system feature, developer Hector
Martin said. The channel can bridge processes running as different users
and under different privilege levels. These characteristics allow for the
apps to exchange data in a way that can't be detected - at least not
without specialized equipment.

The covert channel bug is harmless, but it demonstrates that even new CPUs
have mistakes in them.

Still, the bug, which Martin calls M1racles, meets the technical definition
of a vulnerability. As such, it has come with its own vulnerability designation: CVE-2021-30747.

"It violates the OS security model," Martin explained in a post published Wednesday. "You're not supposed to be able to send data from one process to another secretly. And even if harmless in this case, you're not supposed to
be able to write to random CPU system registers from user space either."

Other researchers with expertise in CPUs and other silicon-based security agreed with that assessment.

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

On 2022-06-11 13:55, NewsKrawler wrote:

The covert channel bug is harmless, but it demonstrates that even new CPUs have mistakes in them.

Clickity, clack, don't go back!

--
"Mr Speaker, I withdraw my statement that half the cabinet are asses -
half the cabinet are not asses."
-Benjamin Disraeli

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

On 2022-06-11, Alan Browne <[email protected]> wrote:

The covert channel bug is harmless, but it demonstrates that even new CPUs >> have mistakes in them.

Clickity, clack, don't go back!

If that's a song, the words you seek most likely are in yakity yak by the coasters pandabear, although they could also be found in the tune of
clickity clack don't come/talk back. But not "don't go back."

The dubbing of CVE-2021-30747 is M1RACLES which stands for M1ssing Register Access Controls Leak EL0 State which is the right of the security
researcher who found it to name it.

This unpatchable M1 hardware vulnerability also exists in the A14 processor where there too it represents a two-bit-wide hole allowing programs that
aren't supposed to exchange data to do so without that illicit program-to- program communication which isn't supposed to be happening to be noticed.

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

On 2022-06-11 17:05, NewsKrawler wrote:

On 2022-06-11, Alan Browne <[email protected]> wrote:

The covert channel bug is harmless, but it demonstrates that even new CPUs >>> have mistakes in them.

Clickity, clack, don't go back!

If that's a song, the words you seek most likely are in yakity yak by the coasters pandabear, although they could also be found in the tune of
clickity clack don't come/talk back. But not "don't go back."

The dubbing of CVE-2021-30747 is M1RACLES which stands for M1ssing Register Access Controls Leak EL0 State which is the right of the security
researcher who found it to name it.

This unpatchable M1 hardware vulnerability

What part of "harmless" is giving you an issue, Clicky?


--
"Mr Speaker, I withdraw my statement that half the cabinet are asses -
half the cabinet are not asses."
-Benjamin Disraeli

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

On 2022-06-11, Alan Browne <[email protected]> wrote:

What part of "harmless" is giving you an issue, Clicky?

No need to slander exact accurate reports.

https://vulmon.com/vulnerabilitydetails?qid=CVE-2021-30747
M1RACLES is a covert channel vulnerability in the Apple Silicon "M1" chip.

A flaw in the design of the Apple Silicon "M1" chip allows any two
applications running under an OS to covertly exchange data between them, without using memory, sockets, files, or any other normal operating system features. This works between processes running as different users and under different privilege levels, creating a covert channel for surreptitious
data exchange. The vulnerability is baked into Apple Silicon chips, and
cannot be fixed without a new silicon revision.

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

On 2022-06-11 17:43, Clicky wrote:

On 2022-06-11, Alan Browne <[email protected]> wrote:

What part of "harmless" is giving you an issue, Clicky?

No need to slander exact accurate reports.

https://vulmon.com/vulnerabilitydetails?qid=CVE-2021-30747
M1RACLES is a covert channel vulnerability in the Apple Silicon "M1" chip.

A flaw in the design of the Apple Silicon "M1" chip allows any two applications running under an OS to covertly exchange data between them, without using memory, sockets, files, or any other normal operating system features. This works between processes running as different users and under different privilege levels, creating a covert channel for surreptitious
data exchange. The vulnerability is baked into Apple Silicon chips, and cannot be fixed without a new silicon revision.

Refer to your own first post:

QUOTE: The covert channel bug is harmless ENDQUOTE

There are thousands of speculative attacks out there whether s/w or h/w.

The attacker would have to get two pieces of s/w installed and running
and at least one of them would have to have access to something useful
to the hacker to pass to the other app.

And what would be the point if one app already has the exploit and could
do whatever dastardly thing it wanted to do?

You're clicking for clicks, Clicky.



--
"Mr Speaker, I withdraw my statement that half the cabinet are asses -
half the cabinet are not asses."
-Benjamin Disraeli

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)