It allows two running applications to secretly exchange data.
Cybersecurity researcher Hector Martin discovered a vulnerability in the M1 processor that runs the latest Mac computers. A flaw in the chip design allows you to run two applications in parallel and secretly transfer data between them.
Any two applications running on the system can exchange data without using memory, sockets, files, or other “normal” OS capabilities. The vulnerability works between processes running on different users with different privileges and creates a secret channel for data exchange.
Since the vulnerability is at the hardware level, it cannot be fixed without a new revision of the chips with modifications. Already released and sold devices are not subject to correction.
As Martin noted, owners of devices on M1 have nothing to worry about yet — in the worst case, the vulnerability can only be exploited by advertising companies to track users between applications.