This can be done without “using computer memory, sockets, files, or any other operating system feature,” Ars Technica reports, citing the work of developer Hector Martin. It could reportedly be used to let malicious apps, which would have to be installed already, pass information to one another undetected.
The M1racles Vulnerability
Martin refers to the bug as M1racles. It reportedly conforms to the definition of a computer vulnerability. Its official designation is CVE-2021-30747.
The good news is that, while Apple likely doesn’t want any security issues with its M1 Mac, this particular vulnerability is thought to be “mainly harmless.” That’s because it cannot be exploited to infect a Mac with malware or to steal or otherwise tamper with data that’s stored on said Mac. Nonetheless, in a blog post describing the vulnerability, Martin notes that:
According to Martin, the flaw results from a per-cluster system register in ARM CPUs, which include the ARM-based Apple Silicon processors. The register is accessible from EL0, the mode reserved for user applications, which has limited system privileges.
The report continues that: “The register contains two bits that can be read or written to. This creates the covert channel, since the register can be accessed simultaneously by all cores in the cluster.” The approach, with a bit of optimization, could reportedly be used to achieve transfer rates of more than 1MB per second.
Apparently the vulnerability cannot be patched using an over-the-air software update, which is how Apple typically solves bugs and other vulnerabilities.
Apple did not respond to the report or reveal whether it will fix the flaw in future versions of its acclaimed M-series chips. Development of the M2 chips, Apple's next-generation Apple Silicon, is supposedly already underway, and they will likely arrive later this year.
Probably Harmless
As noted, this isn’t a flaw that the overwhelming majority of users need worry about. Nonetheless, it shows that even Apple’s fancy new Apple Silicon isn’t free of potential flaws.
While this one seemingly isn’t a particularly egregious one, users should always stay on their toes, and keep abreast of what security researchers uncover. You never know when it could be something far more serious.