M1RACLES was a security flaw that was hyped as a joke, because it was such a weak bug, and yet it was hyped to oblivion. It totally does not deserve even a mention on the M1 Wikipedia page.
The flaw means that two malicious processes, already on the system, can potentially communicate without the OS being aware. Even though they already could through pipes, desktop icons, files, inter-process communication, screen grabbing each other, over the network, from a remote website, take your pick. Now, what are the odds that two malicious processes, already on a system with a pre-agreed protocol for communication, are going to need a weird processor bug to communicate over? Absolutely nothing. It's not supposed to happen - but it's basically useless when you are twice-pwned already.
The other flaw that was found was that Pointer Authentication (PAC) could be defeated on the M1 with the PACMAN attack. However, PAC was actually an ARM standard added in ARMv8.4 that affects all ARMv8.4 implementers - the M1 just happens to be the most notable chip with that ARM version. Versions before ARMv8.4 didn't have PAC at all - so, even with that defeated, you aren't worse off than you were before ARMv8.4, so it's just a "sad, we tried, but oh well" thing from ARM's perspective.
Notably, almost every other Arm A series processor that supported PAC was also susceptible to the same attack [1]; the issue is just that actually buying such processors is nigh impossible (up until this year it was actually impossible, now you just need to do research on a phone SoC), whereas anyone can buy an Apple Silicon device from a million different places.
gjsman-1000|3 years ago
Sirened|3 years ago
[1] https://developer.arm.com/documentation/ka005109/
sedeki|3 years ago