Developer Discovers Vulnerability in Apple M1 Chip devices

Apple devices with the new M1 CPU have a vulnerability that can cause two or more malicious apps to share information with each other. 

According to Tom’s Hardware, the flaw can create a covert channel—a communication channel that can be exploited to transfer information in a way that violates security policy. In doing so, malicious apps can share data without being easily detected.

Developer Hector Martin wrote about the vulnerability (dubbed CVE-2021-30747) in a detailed post, labeling it as harmless. since it can’t be used to infect a Mac. Still, Martin said the potential for malicious apps is troubling. 

"You're not supposed to be able to send data from one process to another secretly. And even if harmless in this case, you're not supposed to be able to write to random CPU system registers from userspace either," Martin wrote in his post. 

It’s important to note that malware cannot use this vulnerability to take over a computer or steal a user’s private information. Instead, Martin said the danger could come if you already have malware on your computer, since that malware can then communicate with other malware on your computer. 

"Honestly, I would expect advertising companies to try to abuse this kind of thing for cross-app tracking, more than criminals," Martin added in his post. 

Apple hasn’t officially commented on the spotted vulnerability or how to patch it. Lifewire reached out to the company for comment, but we haven't yet received a response. 

M1 Mac users can rest assured, anyways, because Apple says the newest 2021 iMac devices with the M1 chip provide better security than previous iMacs. According to the Apple Platform Security Guide, Macs running the M1 chip now support the same degree of protection that iOS devices provide. Apple said the M1 chip makes it harder for malware or malicious websites to exploit your Mac.