Apple M1 Vulnerability Discovered

08-06-2021 | By Sam Brown

The recent Apple M1 processor designed by Apple has been discovered to contain a bug that could be used maliciously. Why did Apple design the M1, what does the vulnerability do, and is it really a threat?

Why did Apple design the M1?

For the longest time, computer processors were manufactured by specialists such as Intel and AMD. While there was a large amount of variety in microcontroller architecture, microprocessors all had to be compatible. This compatibility ensured that all computers could run the same software which maximised the reach of both the CPU and the software. The result of this has been a market dominated by x86/x64 ISA and Microsoft Windows. 

However, the introduction of AI technologies shows how traditional processors are struggling to keep up with the times. Simply put, standard off-the-shelf processors are designed to be able to run any task with no real specialisation. While this means that they can perform almost any computation thinkable, they cannot do so efficiently. For example, a generic CPU can run office applications, render video, compute physics equations, and decipher encryptions, but it is not designed to run any of these tasks. As such, the CPU efficiency of each task is low and therefore consumes excessive energy while taking longer than a circuit dedicated to each task.

This need for processors with unique capabilities has started a new trend where designers create their own processors. However, instead of developing an entire processor from scratch, the availability of IP cores such as ARM and free cores such as RISC-V allow designers to develop a processor that is already compatible with software libraries and platforms already in existence. Furthermore, the use of RISC over CISC provides a processor with more silicon room which can be used for specialised functions needed by a designer. For example, a designer could incorporate an AI engine, on-the-fly encryption unit, and an expanded cache.

The Apple M1 is Apple’s answer to the declining capabilities of off-the-shelf CPUs in specialised applications. The M1 integrates 8 ARM cores clocked at 3.2GHz, integrated RAM for increased speed, GPU, and a dedicated neural network accelerator for running AI task.

The Apple M1 vulnerability

As with any new design, there are bound to be some bugs and/or errors, and the Apple M1 is no different. Recently, a new bug found in the M1 has come to light which the founder of the bug has named as M1racels, but the official name of the vulnerability is CVE-2021-30747. 

The discovered bug is less of a bug and more of a design blunder that initially had positive intentions. Simply put, a channel system inside the M1 allows two different processes to share data directly. This may not seem like a bug, but when considering that this communication happens unknowingly to any operating system, and can happen between two processes of different privilege levels, the ramifications become more apparent.

This bug essentially allows for any two apps to communicate with each other, and an attacker could in theory hijack the main process and have it feed data to and from another app without being detected. Because this bug exists in the hardware, it cannot be patched or fixed meaning that all M1 devices are vulnerable to this communication system.

Is the M1 bug a threat?

According to the founder of the bug, it does not currently possess a threat as no apps or system tasks use the communication method. This means that there are no running apps that could be communicated with, and therefore attackers could only use it with their own processes.

However, as processors become more complex, it becomes more challenging to try and identify potential security risks. Each process executed by the ARM core may appear to be secure, but as more systems components are added, the chance of security bugs making their way into the design increases. For example, a processor could be designed with privilege levels that only task 0 can access (i.e. the OS). Still, if this processor is used in a multi-core design, then a designer may overlook this. For example, a standard user process in another core occupying task 0 could gain privilege levels thus unlocking the full potential of that core to the running task.

As companies design their own processors, bugs will be introduced, bugs will be removed, and the overall performance will improve. However, even companies such as Intel can introduce bugs as they change the architecture, add new instructions, and integrate new hardware circuitry.

By Sam Brown