M1RACLES (CVE-2021-30747) is a covert channel vulnerability in the Apple Silicon “M1” chip:

@fribbledom Took longer than I thought, I'll have to read this later!

@fribbledom I kinda love this bug. It's one of those "oops" things that doesn't really affect much.

@Miredly @fribbledom No it doesn't! It can't read any of your data it shouldn't be able to, it can't change any of your data it shouldn't be able to; all it can do is chat between two processes that shouldn't be able to talk to each other - both ends would have to be compromised; Meh.

@fribbledom I laughed when I got to the "If you've read all the way to here, congratulations!" part. 🙂

@fribbledom The best part is "Wait, people still use Java?".
And I would just say that someone didn't use enterprise software in producing industries lately.
Java is everywhere. You may not have to install it, but every time it's used the software brings its own copy.

(No need to answer, just more info on Java)

@fribbledom Yeah, I saw someone asking how soon they can patch it a couple of days ago. Oh sweet summer child.

@shpuld @fribbledom The Apple guy had to explain how hardware steppings work and the time involved in a hardware pipeline.

I think the quote was along the lines of “just throw it away when we release the new model next year”, which is what I expected from “Designed in California” fruit corp.

@fribbledom Learned something new about security, since to me that sounded like a serious problem at a glance.

And got a reminder of how much Apple likes breaking stuff for no real reason. (I'm talking about Apple breaking the ARM spec.)

@fribbledom Heh, marcan was teasing this on Twitter for ages
