M1ssing Register Access Controls Leak EL0 State
May 27, 2021 1:11 PM

 
So what's the point of this website?

Poking fun at how ridiculous infosec clickbait vulnerability reporting has become lately. Just because it has a flashy website or it makes the news doesn't mean you need to care.

If you've read all the way to here, congratulations! You're one of the rare people who doesn't just retweet based on the page title :-)
posted by hanov3r at 1:25 PM on May 27, 2021 [15 favorites]


Can malware use this vulnerability to take over my computer? No.
Can malware use this vulnerability to steal my private information? No.
Can this be exploited from Javascript on a website? No.
So what's the real danger? If you already have malware on your computer, that malware can communicate with other malware on your computer in an unexpected way.


Yeah, this is making fun of infosec clickbait. In the unlikely event that this is a problem for you, you have at least two other much worse problems.
posted by mhoye at 1:28 PM on May 27, 2021 [11 favorites]


I came here from a news site and they didn't tell me any of this at all!
Then perhaps you should stop reading that news site, just like they stopped reading this site after the first 2 paragraphs.


But I like that news site!
posted by SageLeVoid at 1:30 PM on May 27, 2021 [5 favorites]


Can this be exploited from Flash applets?

Please stop.

posted by chavenet at 1:34 PM on May 27, 2021 [8 favorites]


Yeah, this is making fun of infosec clickbait.

Bonus
posted by Freelance Demiurge at 1:37 PM on May 27, 2021 [2 favorites]


THAT IS A FAQ MOFOS
posted by lalochezia at 1:41 PM on May 27, 2021 [2 favorites]


Hi Mark!
posted by vibratory manner of working at 1:52 PM on May 27, 2021 [2 favorites]


I'm not entirely clear on why the difference between type-1 and type-2 hypervisors mitigates the bug, but it sounds like it's sort of moot because Apple designed the chip the way they did because Apple doesn't expect macOS to ever be a type-1 hypervisor, if I'm reading that right?
posted by Kyol at 1:58 PM on May 27, 2021


Oh, it's marcan! That guy is awesome. So is Alyssa Rosenzweig. Here's hoping they're able to get Linux running on the M1 (and not just as a TTY).
posted by nosewings at 2:01 PM on May 27, 2021 [1 favorite]


They got me. Our security editor is off so I just shared it internally to ask if anyone had seen it around... then scrolled down.
posted by BlackLeotardFront at 2:17 PM on May 27, 2021 [4 favorites]


MetaFilter: Please stop
posted by It's Never Lurgi at 2:18 PM on May 27, 2021 [15 favorites]


This is great. I can't be the only one sick of reading articles about some huge dangerous security flaw and eventually clicking through to find out it's yet another variation of "if you can gain control of this root-privileged process, you can compromise the system."

i.e. "if you compromise the system, then you can compromise the system."
posted by zixyer at 2:18 PM on May 27, 2021 [10 favorites]


This particular one is silly, but vulnerabilities that are only exploitable through another vulnerability are still issues worthy of concern. You never know what unknown zero day is just around the corner that might give an attacker the more limited access needed. If you patch the first vulnerability and have reasonable security practices, then them gaining access to a local account or jailed process running as root isn't nearly as big a deal. Exploit chaining has been a thing for a very long time now.

Sure, it may render your machine useful to them for attacking others while obscuring the origin of the attack, but maybe it doesn't leak all your data or expose you to ransomware.
posted by wierdo at 2:43 PM on May 27, 2021 [3 favorites]


"but vulnerabilities that are only exploitable through another vulnerability are still issues worthy of concern."

Yeah, almost every time I've read an account of a successful compromise that wasn't social engineering, it involved combining seemingly innocuous flaws into a pathway that eventually added up to a serious one.

This is still funny, however...
posted by i_am_joe's_spleen at 3:05 PM on May 27, 2021 [3 favorites]


My ELO state is Mr. Blue Sky.
posted by Horace Rumpole at 4:41 PM on May 27, 2021 [7 favorites]


As someone who must issue CVE advisories from time to time and has issued one as recently as (checks calendar..) Wednesday, I am kind of sick of the trend of giving vulnerabilities exciting-sounding names to grab more headlines.

On the other hand, even I struggle to keep the default identifiers straight and if the people who are publishing them can't tell one from another, I guess it's not a surprise if the public does better with a handle that's not in the form of "CVE-$year-$integer" so I don't expect the trend to go away any time soon.
posted by Nerd of the North at 4:57 PM on May 27, 2021 [2 favorites]


My ELO state is more Here Is The News
posted by Catblack at 8:54 PM on May 27, 2021 [4 favorites]


Dunno. Seems RISC-y
posted by schmod at 5:16 AM on May 28, 2021 [5 favorites]


This man was well ARM'd.
posted by thebotanyofsouls at 7:52 AM on May 28, 2021 [2 favorites]


My ELO state is definitely Xanadu.
posted by Your Childhood Pet Rock at 8:13 AM on May 28, 2021


This news has now made its way onto Wired (fascinating) and ArsTechnica (mostly harmless).
posted by Lanark at 1:48 PM on May 30, 2021

