Skip to main content
  1. Home
  2. Computing
  3. News

Apple’s M1 chip has a flaw, but you shouldn’t worry

By

Apple’s M1 chip has revitalized its Mac lineup, but a developer has discovered a flaw they say is “baked into Apple Silicon chips, and cannot be fixed without a new silicon revision.” There is probably no need to worry, though, as the same researcher says the impact of this flaw is negligible.

The exploit allows two apps to pass data between them without the use of files, memory, or any of the other regular ways data is exchanged in an operating system, says Hector Martin, the developer who found the flaw. It can even pass things between users and across privilege levels.

Recommended Videos

Martin warns that this defect is part of all Apple Silicon chips and cannot be remedied without Apple addressing the issue in future silicon designs. In other words, Apple cannot simply release a patch or get users to update their Macs to fix things. And since iPhone chips are also based on Apple Silicon, they too are affected (although Apple’s App Store should snuff out apps that use this exploit automatically, says Martin).

Related

No need to panic

Still, Martin is careful to explain that the risks to ordinary users are minimal. In a Q&A section on his website dedicated to the exploit, Martin outlines exactly what it can and cannot do:

Can malware use this vulnerability to take over my computer?
No.

Can malware use this vulnerability to steal my private information?
No.

Can malware use this vulnerability to rickroll me?
Yes. I mean, it could also rickroll you without using it.

Can this be exploited from JavaScript on a website?
No.

So, what can it be used to do? Advertising companies could potentially use this to bypass Apple’s cross-app tracking protections, but that is about it, says Martin. He is blunt about its malicious uses: “Really, nobody’s going to actually find a nefarious use for this flaw in practical circumstances.”

In fact, Martin says the whole purpose of his website is to “[Poke] fun at how ridiculous infosec clickbait vulnerability reporting has become lately. Just because it has a flashy website or it makes the news doesn’t mean you need to care.”

So if you have an M1 Mac, there is no need to panic. Apple is aware of the bug and is likely working on a fix, but it is unlikely this exploit will cause any sort of widespread disruption. As Martin explains, bad actors have plenty of other, more efficient ways to cause trouble. Getting an antivirus app on your Mac and exercising good common sense will go a long way to keeping you protected.

Editors' Recommendations

Topics
Alex Blake
Alex Blake
Computing Writer
In ancient times, people like Alex would have been shunned for their nerdy ways and strange opinions on cheese. Today, he…
iMac 27-inch: Everything we know about Apple’s larger, more powerful iMac
Apple iMac Pro News

When Apple killed off the iMac Pro and then completely removed the 27-inch iMac from its online store, we thought that was the end of the road for the larger all-in-one computer. Right now, Apple only sells one size of iMac: the smaller 24-inch version. But what about that gaping hole in the iMac lineup previously occupied by the 27-inch model?

It could be that Apple decides to leave this device dead and buried and instead hopes that the Mac Studio and Studio Display scratch that itch -- that's certainly what sources at 9to5Mac have contended. But there are tantalizing clues that Apple is considering offering a larger iMac with a greater level of performance than the 24-inch iMac. Regardless of whether this is branded an iMac Pro or an iMac, here's everything we know about the next high-end all-in-one from Apple.
Price and release date

Read more
Have an iPhone, iPad, or Apple Watch? You need to update it right now
iPhone 14 Pro Max against a red background.

If you own an Apple product — be in the iPhone, iPad, Apple Watch, or a Mac — you should update it immediately. Why? Apple has begun rolling out updates to all of its devices with fixes for a serious security vulnerability.

The security vulnerability is known as CVE-2023-32434, and it has to do with the kernel privileges of Apple devices. Per Apple's website, the vulnerability allows third-party apps to "execute arbitrary code." In other words, if a bad actor knows how to exploit this vulnerability, they could potentially gain access to your Apple device and wreck havoc.

Read more
Apple’s next MacBook Air could be a huge step forward
Apple's 15-inch MacBook Air on a desk, with macOS Sonoma running on its display.

Before Apple revealed the 15-inch MacBook Air at its Worldwide Developers Conference (WWDC), there was plenty of speculation over what chip would power the device. Unfortunately, we now know it won’t come with a next-generation chip -- but we might not have to wait long before that changes.

That’s because Bloomberg journalist Mark Gurman claims Apple is already working on a new version of the 15-inch MacBook Air that will be kitted out with an M3 chip. We could see this new model as soon as 2024, Gurman’s report says.

Read more