Reply to post: Re: So what happened to "Intel Sucks!!! Apple's M1 FTW!!!"

Unfixable Apple M1 chip bug enables cross-process chatter, breaking OS security model

ST Silver badge
Devil

Re: So what happened to "Intel Sucks!!! Apple's M1 FTW!!!"

> Really, nobody's going to actually find a nefarious use for this flaw in practical circumstances.

Yaaaaaaaaaaaaaaaaaaaa. Right. Nobody's gonna do that. Because people are nice and they don't do this kind of stuff. And because no-one has any interest in exploiting this vulnerability. And because AppStore.

"A malicious pair of cooperating processes may build a robust channel out of this two-bit state, by using a clock-and-data protocol (e.g. one side writes 1x to send data, the other side writes 00 to request the next bit)," explains Hector Martin, founder and project lead of Ashai Linux, in his vulnerability disclosure. "This allows the processes to exchange an arbitrary amount of data, bound only by CPU overhead."

You seem to believe that those interested in exploiting this vulnerability are all just a bunch of amateur boobs.

From the looks of it, this looks worse than Intel's Spectre. At least Spectre can be mitigated by disabling SpecEx - at a significant performance cost. This M1 hole can't be mitigated.

Pull the other one, and leave Intel out of it. This has nothing to do with Intel.

Mandatory Disclaimer: I don't work at Intel.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Biting the hand that feeds IT © 1998–2021