iPad Pro M1 security flaw

[jsmith1]

iPad Pro's M1 chip has an unfixable security flaw

A developer has discovered that Apple's M1 and A14 Bionic chips have a hardware security flaw that can't be fixed via software.

www.phonearena.com

True or not?

Guess my iPhone 12 is safe although it has a flaw as well but I won’t be getting iPad with M1 as I do lots of banking online...

“Apple has been made aware of the issue and the company has acknowledged it.”

ok looks real, this is going to be a problem for Apple

 

[VineRider]

From the article

Thankfully, the vulnerability does not pose any serious security risks and at worst, it could be used by advertisers for cross-app tracking. Martin says it cannot be used by bad actors to take over your device or steal your private information.

 

[ericwn]

From the article:

“So you're telling me I shouldn't worry?

Yes.”

Next!

 

[jsmith1]

From the article

Thankfully, the vulnerability does not pose any serious security risks and at worst, it could be used by advertisers for cross-app tracking. Martin says it cannot be used by bad actors to take over your device or steal your private information.

I’m still trying to determine what this really means from other sources as well, I basically use my iPad for banking and other sensitive information and am wondering now how safe it will be, current iPad ok but my phone maybe maybe not. In the coming days I’m sure more info will be released.

 

[Lihp8270]

Headline about a security flaw in that the article says there’s no security risk

 

[PrettyWings]

I wondered why they couldn’t patch this by enforcing things at the App Store level.

This is what the article says:

“Honestly, I would expect advertising companies to try to abuse this kind of thing for cross-app tracking, more than criminals. Apple could catch them if they tried, though, for App Store apps.”

 

[VineRider]

i wouldn’t worry. Hit the link to the Hector Martin link in the article and he basically says it’s nothing to worry about

M1RACLES: An Apple M1 Vulnerability

 

[Lihp8270]

I’m still trying to determine what this really means from other sources as well, I basically use my iPad for banking and other sensitive information and am wondering now how safe it will be, current iPad ok but my phone maybe maybe not. In the coming days I’m sure more info will be released.

As it states in the article.

Covert channels cannot leak data from uncooperative applications.

The flaw essentially could allow 2 separate apps to talk without going through the usual channels. So Google could make YouTube talk to chrome and could show adverts based what you did in other apps that are sharing. Unless your banking info etc is offering up that to other apps there is no risk.

The reality is that the only way this would be exploited is to get around the cross app tracking option

 

[Lihp8270]

I wondered why they couldn’t patch this by enforcing things at the App Store level.

This is what the article says:

The reviewers aren’t going to know what data is being secretly shared between apps.

 

[Apple_Robert]

As long as the installed apps being used have been properly Apple notarized, I am not really concerned.

 

[AutomaticApple]

The reviewers aren’t going to know what data is being secretly shared between apps.

Nor would you know.

 

[itickings]

The reviewers aren’t going to know what data is being secretly shared between apps.

Maybe, maybe not.

Depending on the nature of the flaw, automatic analysis could flag the app’s attempt to use it. If that’s the case it can easily be rejected anyway. Doesn’t matter exactly what they share that way.

 

[Once-ler]

Look at the source, and keep reading.

So what's the point of this website?​

Poking fun at how ridiculous infosec clickbait vulnerability reporting has become lately. Just because it has a flashy website or it makes the news doesn't mean you need to care.


If you've read all the way to here, congratulations! You're one of the rare people who doesn't just retweet based on the page title

But how are journalists supposed to know which bugs are bad and which bugs aren't?​

Talk to people. In particular, talk to people other than the people who discovered the bug. The latter may or may not be honest about the real impact.


If you hear the words “covert channel”... it's probably overhyped. Most of these come from paper mills who are endlessly recycling the same concept with approximately zero practical security impact. The titles are usually clickbait, and sometimes downright deceptive.

I came here from a news site and they didn't tell me any of this at all!​

Then perhaps you should stop reading that news site, just like they stopped reading this site after the first 2 paragraphs.

Looks like phonearena isn't a great site to be getting security info from