The response from users to the first Macs based on the Apple M1 SoC was pretty good, but a few months after their release, reports began to surface of problems with the new platform.
Security researchers have discovered the first browser side-channel attack without JavaScript. At the same time, it has already been confirmed that new devices based on the Apple M1 SoC are vulnerable to this attack.
A new critical vulnerability in Apple M1
Researchers at Cornell University studied the effectiveness of disabling or limiting JavaScript to prevent or mitigate attacks. In the course of their research, they discovered a vulnerability that works even if the execution of the script is completely blocked in the browser.
The vulnerability allows attackers to monitor the user’s web activity. Moreover, this vulnerability can not only bypass JavaScript, but also ignore privacy technologies such as VPN or TOR.
The team tested Intel Core, AMD Ryzen, Samsung Exynos and Apple M1 platforms, all of which were vulnerable to the attack, although the researchers say the Apple M1 and Samsung Exynos SoCs are the most vulnerable.
This is the second vulnerability in the Apple M1 SoC in recent weeks. Last month, researchers discovered malware called Silver Sparrow.
Gizchina News of the week
An unknown malware infects Tens of thousands of Macs
While news of malware infections on Macs is relatively rare, new information about nearly 30,000 Macs infected is a matter of concern due to its complex nature and lack of information available.
Researchers at Red Canary have discovered a new type of macOS malware they dubbed Silver Sparrow. The malware is strange for many reasons, the main one being that it has remained largely inactive until now. Despite the fact that it exchanges data with the command and control servers once an hour; waiting for the execution of potentially malicious binaries, at the moment Silver Sparrow has not harmed infected computers.
Macs and an unknown malware
In addition to the Intel x86_64 variant, an analog for the Apple M1 is avilable. Both versions contain “third-party observer binaries” that print “Hello World!” and “You did it!” Displaying such messages on the screen is not a serious problem; but potentially the malware can start performing some work on request from the control servers. Red Canary emphasized that complex infrastructure leverages CDNs and AWS networks effectively, making it difficult to track and remove.
Another interesting fact about Silver Sparrow is that it contains self-destruct mechanisms that remove all traces of malware from infected devices. They did not observe this mechanism by default on infected computers.
Red Canary reported that as of February 17, 2021, 29,139 macOS devices have been infected in 153 countries.
