A new vulnerability called M1RACLES, assigned the identifier CVE-2021-30747, has been found to affect the Apple Silicon M1 chip.
This newly discovered flaw allows any two apps running on the OS to exchange data with each other without using memory, sockets, files, or any other normal operating-system feature.
The official M1RACLES advisory says that two processes running as different users and with different privilege levels can create a covert channel for surreptitious data exchange.
“The ARM system register encoded as s3_5_c15_c10_1 is accessible from EL0, and contains two implemented bits that can be read or written (bits 0 and 1). This is a per-cluster register that can be simultaneously accessed by all cores in a cluster. This makes it a two-bit covert channel that any arbitrary process can use to exchange data with another cooperating process,” said Asahi Linux.
Furthermore, a pair of malicious processes can build a channel on top of this two-bit state using a clock-and-data protocol, and that channel allows them to exchange an arbitrary amount of data.
“CPU core affinity APIs can be used to ensure that both processes are scheduled on the same CPU core cluster,” the advisory explains.
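As an added example (not code from this article or from the advisory), the check below is a small scanner a defender could run over the text section of an AArch64 binary to find MRS/MSR instructions that read or write the register named in the advisory, s3_5_c15_c10_1. The MRS/MSR field layout comes from the Arm architecture reference; the sample instruction words are constructed for this illustration.

```python
import struct

# Register named in the advisory: s3_5_c15_c10_1 -> (op0, op1, CRn, CRm, op2)
M1RACLES_REG = (3, 5, 15, 10, 1)

# MRS and MSR (register form) share one layout:
#   1101 0101 00 L 1 o0 op1 CRn CRm op2 Rt   (L=1 for MRS, 0 for MSR; op0 = 2 + o0)
# The mask keeps bits 31:22 and bit 20, leaving L (bit 21) and the fields free.
SYSREG_MASK = 0xFFD00000
SYSREG_BITS = 0xD5100000


def decode_sysreg_access(insn):
    """Return (kind, (op0, op1, CRn, CRm, op2), rt) for an MRS/MSR word, else None."""
    if insn & SYSREG_MASK != SYSREG_BITS:
        return None
    kind = "mrs" if insn & (1 << 21) else "msr"
    op0 = 2 + ((insn >> 19) & 1)
    op1 = (insn >> 16) & 7
    crn = (insn >> 12) & 0xF
    crm = (insn >> 8) & 0xF
    op2 = (insn >> 5) & 7
    rt = insn & 0x1F
    return kind, (op0, op1, crn, crm, op2), rt


def sysreg_name(fields):
    """Render fields in the generic s<op0>_<op1>_c<CRn>_c<CRm>_<op2> form used by assemblers."""
    op0, op1, crn, crm, op2 = fields
    return f"s{op0}_{op1}_c{crn}_c{crm}_{op2}"


def scan_code(blob, base=0):
    """Walk 4-byte aligned little-endian code and list accesses to the M1RACLES register."""
    hits = []
    for off in range(0, len(blob) - 3, 4):
        insn = struct.unpack_from("<I", blob, off)[0]
        decoded = decode_sysreg_access(insn)
        if decoded and decoded[1] == M1RACLES_REG:
            kind, _, rt = decoded
            hits.append((base + off, kind, rt))
    return hits


# Constructed sample: nop; mrs x0, cntvct_el0 (benign); mrs x1, s3_5_c15_c10_1;
# msr s3_5_c15_c10_1, x2; ret
SAMPLE_CODE = struct.pack("<5I", 0xD503201F, 0xD53BE040, 0xD53DFA21, 0xD51DFA22, 0xD65F03C0)

if __name__ == "__main__":
    for off, kind, rt in scan_code(SAMPLE_CODE):
        print(f"{off:#06x}: {kind} x{rt} <-> {sysreg_name(M1RACLES_REG)}")
```

Only the two instructions touching the advisory's register are reported; the benign counter read at offset 4 decodes as a different register and is ignored.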
CVE-2021-30747 (M1RACLES) affects all Apple M1 users, including macOS users (versions 11.0 and onward), Linux users (versions 5.13 and onward), OpenBSD users, AmigaOS users, Newton OS users, and iOS users.
Thankfully, malware can’t use this vulnerability on its own to perform malicious actions such as stealing personal information or destroying data. The flaw only becomes a threat when the system is already infected with malware; in that case, one piece of malware could communicate with another on the same system. The flaw is more likely to be abused by developers of cross-app tracking.
“You’re not supposed to be able to send data from one process to another secretly. And even if harmless in this case, you’re not supposed to be able to write to random CPU system registers from userspace either,” the advisory concludes.