According to developer Hector Martin, Apple’s M1 chip has a vulnerability that cannot be fixed without a silicon patch. The flaw enables a covert channel that allows two malicious applications to communicate with each other. However, unless your system is attacked by exploits or malware through other means, “covert channels are completely useless,” Martin wrote in a blog post first discovered by Ars Technica.
According to the developer, the vulnerability itself is harmless. Because malware cannot use it to steal or interfere with data on the Mac. However, it “violates the security model of the operating system,” Martin said. “You should not be able to secretly send data from one process to another. And even if it is harmless in this case, it should not be able to write random CPU system registers from userspace. “Without special equipment, it is impossible to detect when applications communicate with each other through a covert channel.
As stated in Ars Tech Notes, these hidden connections do not require operating system functions, system memory, sockets, or files. Even application Programs run under different user profiles or individual privilege levels, and applications can also use covert channels to communicate. (or other chips that support covert channels) are used in iPhones. This type of communication may cause changes to these devices. Big impact. Keyboard apps on iOS can’t access the Internet, so they can’t stream your input. Malicious users can send their keystrokes to another app through a secret channel, and their input may be something they will interact with later.
Hiding channels can also allow apps to bypass the inter-app tracking restrictions in iOS 14.5. As Ars Technica pointed out, Apple will never have to approve two malicious apps and users must install both apps at the same time. So the possibility of this happening seems to be very small. The computer runs your operating system as a virtual machine, which can severely affect performance. Considering that the covert channel is unlikely to be harmful to your Mac and the performance trade-off, choosing to run macOS in a virtual machine may not be worth it. In addition, if there are at least two malicious software in the system, even if they cannot communicate with each other, you will have bigger fry to blow up.