Apple’s M1 chip has revitalized its Mac lineup, but a developer has discovered a flaw they say is “baked into Apple Silicon chips, and cannot be fixed without a new silicon revision.” There is probably no need to worry, though, as the same researcher says the impact of this flaw is negligible.
The exploit allows two apps to pass data between them without the use of files, memory, or any of the other regular ways data is exchanged in an operating system, says Hector Martin, the developer who found the flaw. It can even pass things between users and across privilege levels.
Martin warns that this defect is part of all Apple Silicon chips and cannot be remedied without Apple addressing the issue in future silicon designs. In other words, Apple cannot simply release a patch or get users to update their Macs to fix things. And since iPhone chips are also based on Apple Silicon, they too are affected (although Apple’s App Store should snuff out apps that use this exploit automatically, says Martin).
No need to panic
Still, Martin is careful to explain that the risks to ordinary users are minimal. In a Q&A section on his website dedicated to the exploit, Martin outlines exactly what it can and cannot do:
Can malware use this vulnerability to take over my computer?
Can malware use this vulnerability to steal my private information?
Can malware use this vulnerability to rickroll me?
Yes. I mean, it could also rickroll you without using it.
So, what can it be used to do? Advertising companies could potentially use this to bypass Apple’s cross-app tracking protections, but that is about it, says Martin. He is blunt about its malicious uses: “Really, nobody’s going to actually find a nefarious use for this flaw in practical circumstances.”
In fact, Martin says the whole purpose of his website is to “[Poke] fun at how ridiculous infosec clickbait vulnerability reporting has become lately. Just because it has a flashy website or it makes the news doesn’t mean you need to care.”
So if you have an M1 Mac, there is no need to panic. Apple is aware of the bug and is likely working on a fix, but it is unlikely this exploit will cause any sort of widespread disruption. As Martin explains, bad actors have plenty of other, more efficient ways to cause trouble. Getting an antivirus app on your Mac and exercising good common sense will go a long way to keeping you protected.