Apple’s M1 chip has revived its Mac lineup, but a developer has discovered a bug that it says is “burned into Apple silicon chips and cannot be fixed without a new silicon revision”. However, there is probably nothing to worry about, as the same researcher says the effects of this bug are negligible.
The exploit allows two apps to transfer data between them without the need to use files, storage, or other regular data exchange methods in an operating system, says Hector Martin, the developer who found the bug. It can even pass things between users and across permission levels.
Martin warns that this bug is part of all Apple silicon chips and cannot be fixed without Apple addressing the problem in future silicon designs. In other words, Apple can’t just release a patch or get users to update their Macs to fix issues. And since iPhone chips are also based on Apple Silicon, these are also affected (although Apple’s App Store is supposed to automatically wipe out apps that use this exploit, says Martin).
No reason to panic
Even so, Martin carefully states that the risks for ordinary users are minimal. In a Q&A section on his website devoted to the exploit, Martin outlines exactly what he can and cannot do:
Can malware use this vulnerability to take over my computer?
Can malware use this vulnerability to steal my private information?
Can malware use this vulnerability to rickroll me?
Yes. I mean, it could roll you back without using it.
So what can it be used for? Advertisers could potentially use this to bypass Apple’s cross-app tracking protection, but that’s about it, Martin says. Its malevolent uses are blunt: “Really, no one is going to find any real shameful use for this bug in practice.”
In fact, Martin says the only purpose of his website is to “[Poke] It’s fun how ridiculous the reports of vulnerabilities in infosec Clickbait have become lately. Just because it has a flashy website or does the news doesn’t mean you have to worry about it. “
So if you have an M1 Mac, don’t panic. Apple is aware of the bug and is likely working on a solution, but it is unlikely that this exploit will cause widespread disruption. As Martin explains, bad actors have many other, more efficient ways of causing trouble. If you install an antivirus app on your Mac and use common sense, you can protect yourself very well.