Apple M1 vulnerability

Forums › Laptops and mobile computers › Apple M1 vulnerability

1024kb

1169 posts

Uber Geek

ID Verified

Lifetime subscriber

#287179 11-Jun-2021 15:23

Is Apple’s M1 all that it’s cracked up to be? Or is there a serious exploitable vulnerability?

*this is not my research, but it is NZ sourced.

Megabyte - so geek it megahertz

1024kb

1169 posts

Uber Geek

ID Verified

Lifetime subscriber

#2725373 11-Jun-2021 15:25

Those pix were preceded by this:

ARM core has a huge vulnerability. M1 chips can be reprogrammed remotely due to having a memory package on the same plate. Obviously there’s no protection as it’s direct access to them. Serial bus connection can dump the content and rewrite it too. Now the goal is to make it via remotely implanted payload. That’s exactly what Apple does when updating firmware. Their decision to embed EFI into the CPU itself is a huge security misstep. I already reprogrammed few M1 but via soldered in pins. Takes hours. And could brick the chip. But if not you’ll reset it to factory settings or exploit it. I don’t do this for exploiting but other people will."

michaelmurfy

meow
13278 posts

Uber Geek

Moderator

ID Verified

Trusted

Lifetime subscriber

#2725388 11-Jun-2021 15:50

How about posting the link to the article instead of not much context?

IIRC the M1 does not use BridgeOS. If you're referencing to https://9to5mac.com/2021/05/26/m1-security-vulnerability/ then:

"An M1 security vulnerability has been discovered that likely cannot be mitigated by Apple, but the researcher who found it says it’s not something we need to worry about …"

Michael Murphy | https://murfy.nz
Referral Links: Quic Broadband (use R122101E7CV7Q for free setup)

Are you happy with what you get from Geekzone? Please consider supporting us by subscribing.
Opinions are my own and not the views of my employer.

antoniosk

2358 posts

Uber Geek

ID Verified

Trusted

Lifetime subscriber

#2726442 11-Jun-2021 16:49

michaelmurfy:

How about posting the link to the article instead of not much context?

IIRC the M1 does not use BridgeOS. If you're referencing to https://9to5mac.com/2021/05/26/m1-security-vulnerability/ then:

"An M1 security vulnerability has been discovered that likely cannot be mitigated by Apple, but the researcher who found it says it’s not something we need to worry about …"

so the anti apple brigade have basically proved anything can be broken if you try hard enough?

________

Antoniosk

1024kb

1169 posts

Uber Geek

ID Verified

Lifetime subscriber

#2727480 11-Jun-2021 19:01

michaelmurfy:
How about posting the link to the article instead of not much context?

IIRC the M1 does not use BridgeOS. If you're referencing to https://9to5mac.com/2021/05/26/m1-security-vulnerability/ then:

"An M1 security vulnerability has been discovered that likely cannot be mitigated by Apple, but the researcher who found it says it’s not something we need to worry about …"

This is not the publicly-known benign vulnerability. This is a fresh private discovery that I'm revealing (partially) to you now. Remotely exploiting this unpatchable hardware vulnerability leads to full admin rights over any M1 machine, you just need a hardware address.

Megabyte - so geek it megahertz

1024kb

1169 posts

Uber Geek

ID Verified

Lifetime subscriber

#2727482 11-Jun-2021 19:07

M1 does use GoldenGate Bridge OS.

I'm not a member of any anti-Apple brigade, I regularly own Apple product for my own personal use. Similarly, I'm not a member of any fanbois club either, Apple product is what it is with plusses & minuses to the ownership equation.

If there was a similarly crucial exploitable vulnerability in any other product - be it CPU or shoes, I'd want to know.

RunningMan

8965 posts

Uber Geek

#2727485 11-Jun-2021 19:21

1024kb: [snip]This is a fresh private discovery that I'm revealing (partially) to you now.

Have you told Apple? https://developer.apple.com/bug-reporting/ https://developer.apple.com/security-bounty/

1024kb

1169 posts

Uber Geek

ID Verified

Lifetime subscriber

#2727490 11-Jun-2021 19:34

RunningMan:
1024kb: [snip]This is a fresh private discovery that I'm revealing (partially) to you now.

Have you told Apple? https://developer.apple.com/bug-reporting/ https://developer.apple.com/security-bounty/

As stated in my opening post - this is not my discovery.

Also, there are other bug bounty offers that well exceed Apple's upper limits. I have zero influence over where, when or if this will be sold but doubt that Apple would be the winning bidder. Their treatment of Ian Beer & refusal to pay to charity the millions of dollars that his discoveries are eligible for just because he works for Google should make any bounty hunter very nervous when revealing secrets to Apple.