Friday, June 4, 2021

M1racles: M1ssing Register Access Controls Leak EL0 State

Hector Martin (tweet, Hacker News, Bruce Schneier):

A flaw in the design of the Apple Silicon “M1” chip allows any two applications running under an OS to covertly exchange data between them, without using memory, sockets, files, or any other normal operating system features. This works between processes running as different users and under different privilege levels, creating a covert channel for surreptitious data exchange.

The vulnerability is baked into Apple Silicon chips, and cannot be fixed without a new silicon revision.


The ARM system register encoded as s3_5_c15_c10_1 is accessible from EL0, and contains two implemented bits that can be read or written (bits 0 and 1). This is a per-cluster register that can be simultaneously accessed by all cores in a cluster.


Really, nobody’s going to actually find a nefarious use for this flaw in practical circumstances. Besides, there are already a million side channels you can use for cooperative cross-process communication (e.g. cache stuff), on every system. Covert channels can’t leak data from uncooperative apps or systems.
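As an added example (not code from Hector Martin's write-up or from this post), a small probe that tells a defender whether the machine they are on exposes the register described above to unprivileged code: it reads s3_5_c15_c10_1 from EL0 under a fault handler and reports whether the access was permitted. It assumes that an access to an unpermitted system register from EL0 is delivered to the process as SIGILL (or SIGSEGV), and it only reads the two implemented bits; it never writes them.

```c
#define _POSIX_C_SOURCE 200809L
#include <setjmp.h>
#include <signal.h>
#include <stdint.h>
#include <stdio.h>

static sigjmp_buf probe_env;

/* A trapped register access arrives as a signal; jump back to the probe. */
static void on_fault(int sig) { (void)sig; siglongjmp(probe_env, 1); }

/* Returns 1 if s3_5_c15_c10_1 is readable from EL0 (the M1racles condition),
 * 0 if the read traps, -1 when not running on AArch64 (probe not applicable).
 * On success the two implemented bits (bits 0 and 1) are stored in *value_out. */
int m1racles_register_readable(uint64_t *value_out) {
#if defined(__aarch64__)
    struct sigaction sa = {0}, old_ill, old_segv;
    volatile int readable = 0;
    sa.sa_handler = on_fault;
    sigemptyset(&sa.sa_mask);
    /* Assumption: the trap surfaces as SIGILL on macOS/Linux; SIGSEGV is covered too. */
    sigaction(SIGILL, &sa, &old_ill);
    sigaction(SIGSEGV, &sa, &old_segv);
    if (sigsetjmp(probe_env, 1) == 0) {
        uint64_t v;
        __asm__ volatile("mrs %0, s3_5_c15_c10_1" : "=r"(v));
        if (value_out) *value_out = v & 3;   /* only bits 0 and 1 are implemented */
        readable = 1;
    }
    sigaction(SIGILL, &old_ill, NULL);
    sigaction(SIGSEGV, &old_segv, NULL);
    return readable;
#else
    (void)value_out;
    return -1;
#endif
}

int main(void) {
    uint64_t bits = 0;
    int r = m1racles_register_readable(&bits);
    if (r < 0) puts("not an AArch64 machine; probe not applicable");
    else if (r == 0) puts("s3_5_c15_c10_1 traps from EL0: register not exposed");
    else printf("s3_5_c15_c10_1 readable from EL0 (bits=%llu): affected\n",
                (unsigned long long)bits);
    return 0;
}
```

On an affected Apple Silicon machine the probe reports "affected"; a result of 0 or -1 means the register is not reachable from user space on that system.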


There is a theoretical attack here: you manage to infect two completely sandboxed processes, but one has network access and the other has full disk access. Now the latter can reach the network.

Of course, in practice, you’re way more likely to infect a single process with access to both, anyway.
