Sidebar Sidebar
Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.

iPad Pro M1 security flaw

J

jsmith1

macrumors 6502a
Original poster
Jun 6, 2010
683
594
www.phonearena.com

iPad Pro's M1 chip has an unfixable security flaw

A developer has discovered that Apple's M1 and A14 Bionic chips have a hardware security flaw that can't be fixed via software.
www.phonearena.com www.phonearena.com

True or not?

Guess my iPhone 12 is safe although it has a flaw as well but I won’t be getting iPad with M1 as I do lots of banking online...

“Apple has been made aware of the issue and the company has acknowledged it.”

ok looks real, this is going to be a problem for Apple
 
  • Angry
  • Haha
Reactions: EmotionalSnow and Surfman
From the article

Thankfully, the vulnerability does not pose any serious security risks and at worst, it could be used by advertisers for cross-app tracking. Martin says it cannot be used by bad actors to take over your device or steal your private information.
 
  • Like
Reactions: BigMcGuire and EmotionalSnow
VineRider said:
From the article

Thankfully, the vulnerability does not pose any serious security risks and at worst, it could be used by advertisers for cross-app tracking. Martin says it cannot be used by bad actors to take over your device or steal your private information.
Click to expand...
I’m still trying to determine what this really means from other sources as well, I basically use my iPad for banking and other sensitive information and am wondering now how safe it will be, current iPad ok but my phone maybe maybe not. In the coming days I’m sure more info will be released.
 
  • Haha
  • Angry
Reactions: BigMcGuire and EmotionalSnow
I wondered why they couldn’t patch this by enforcing things at the App Store level.

This is what the article says:

“Honestly, I would expect advertising companies to try to abuse this kind of thing for cross-app tracking, more than criminals. Apple could catch them if they tried, though, for App Store apps.”
Click to expand...
 
jsmith1 said:
I’m still trying to determine what this really means from other sources as well, I basically use my iPad for banking and other sensitive information and am wondering now how safe it will be, current iPad ok but my phone maybe maybe not. In the coming days I’m sure more info will be released.
Click to expand...
As it states in the article.

Covert channels cannot leak data from uncooperative applications.

The flaw essentially could allow 2 separate apps to talk without going through the usual channels. So Google could make YouTube talk to chrome and could show adverts based what you did in other apps that are sharing. Unless your banking info etc is offering up that to other apps there is no risk.

The reality is that the only way this would be exploited is to get around the cross app tracking option
 
  • Like
Reactions: jsmith1
Lihp8270 said:
The reviewers aren’t going to know what data is being secretly shared between apps.
Click to expand...
Maybe, maybe not.

Depending on the nature of the flaw, automatic analysis could flag the app’s attempt to use it. If that’s the case it can easily be rejected anyway. Doesn’t matter exactly what they share that way.
 
Look at the source, and keep reading.

So what's the point of this website?​


Poking fun at how ridiculous infosec clickbait vulnerability reporting has become lately. Just because it has a flashy website or it makes the news doesn't mean you need to care.


If you've read all the way to here, congratulations! You're one of the rare people who doesn't just retweet based on the page title :)


But how are journalists supposed to know which bugs are bad and which bugs aren't?​


Talk to people. In particular, talk to people other than the people who discovered the bug. The latter may or may not be honest about the real impact.


If you hear the words “covert channel”... it's probably overhyped. Most of these come from paper mills who are endlessly recycling the same concept with approximately zero practical security impact. The titles are usually clickbait, and sometimes downright deceptive.


I came here from a news site and they didn't tell me any of this at all!​


Then perhaps you should stop reading that news site, just like they stopped reading this site after the first 2 paragraphs.
Click to expand...
Looks like phonearena isn't a great site to be getting security info from :p
 
You must log in or register to reply here.
Register on MacRumors! This sidebar will go away, and you'll see fewer ads.
Top Bottom
Back