Apple held responsible for a major security flaw as they tempered with ARM architecture.
By Sayyed Shehzer Abbas
Apple Launched its first ARM-based silicon chip designed and manufactured by the company itself in November 2020. After almost 6 months since the product is out in the market the exclusive M1 has effectively advanced toward various items including MacBooks, iMacs, iMac Mini, and surprisingly smaller devices like the iPad Pro. Notwithstanding, as per a new report, it was revealed that the M1 powered iPad Pro and probably other devices featuring M1 processors might be a threat to its customers because of a security flaw.
Developer Hector Martin pointed out this flaw which he experienced on an iPad Pro powered by the Apple M1. He claimed that the device has a weakness that exists on an equipment level of the M1 which implies this issue cannot be fixed through a basic software update. Clearly, the multinational technology company has disregarded the ARM design details and caused this flaw.
Martin further clarified that this security fault permits two applications to secretly trade information without utilizing typical features provided by the operating system itself. He confirmed that this security is not any potential threat and cannot harm its customers by anyway. The weakness cannot be misused by programmers to assume responsibility for one’s gadget or even take sensitive data however it can empower promoters for cross-application tracking. Apple introduced a feature with its iOS 14.5 update which let the user decide if he/she wants the app to track their activity or not and share with other apps. But, with this flaw this feature may also fail to entertain its users. Regardless, the fault abuses the OS security model, something Apple have always been confident about.
Also, this issue is diligent on each M1 device, which implies it could even influence the iPhone 12 lineup too since the A14 Bionic depends on a similar CPU microarchitecture.
As indicated by Hector Martin, the lone method of fixing this is to convert the whole operating system into a virtual machine (VM) which would disable the cross-app tracking feature. But decision like this is not expected from the company.