Apple M1 and A14 processors built with a security hardware vulnerability

Hector Martin, a software developer, studied the design of the new Apple M1 and Apple A14 processors and found that both have a hardware vulnerability that cannot be fixed. Both models are made using the 5nm manufacturing process from TSMC and are found in the latest generations of devices from the iPhone, iPad and Mac families. Fortunately, the vulnerability does not allow remote device control, but it can be used for online tracking, even if Apple blocks it through software.

The vulnerability of the Apple M1 and A14 processors is not as serious as it seems

According to an article published on Martin’s website, the Apple M1 and Apple A14 processors have a design imperfection caused by the fact that Apple did not exactly comply with the design specifications from ARM. Thus, processors that use this design, ie the latest models, are vulnerable, allowing processor-level communication of two applications running in parallel. Thus, there may be a transfer of information between them, even if it is not allowed at the operating system level.

However, Hector Martin says the vulnerability does not endanger users’ devices and cannot be used to steal private information or install malware in the background. The worst thing that can happen is for a company to use the vulnerability to monitor user activity in other applications. Thus, the vulnerability could allow companies to fix what Apple is trying to block through App Tracking Transparency on iOS. However, the company could detect the use of the vulnerability and ask developers to remove it from applications.

It seems that a solution would be to run the operating system under a virtual machine, as the accessible software processor is a virtual one, not directly the physical one. As the next-generation processors, the Apple A15 and the new Apple Silicon M1X / M2 are already in production, this vulnerability is also expected on devices that the company will launch in 2021. Probably a hardware overhaul or a new generation could solve this. problem in the future.

You May Also Like

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.