Within the first few months of the launch of Apple M1, Mac users have said that it began smoothly, but several problems appeared on their M1 devices after a while. 

Recently, the side-channel attack, which traces its root from the browser, was discovered by security researchers. The said attack works without JavaScript. Furthermore, the new devices based on the Apple M1 SoC (System on a chip) could be exposed to cyber attacks.  

Apple M1's Vulnerability 

 Apple M1 Exposes Vulnerability Against Javascript Side-Channel Attacks
(Photo : Screenshot from YouTube/Linus Tech Tips)
Apple M1

In a report by Gizmochina, disabling Javascript or at least limiting it is part of the Cornell University researchers' study when it comes to the effectiveness of the process. They unveiled that when someone enables the script in the browser, they can be easily blocked due to the vulnerability. 

Furthermore, it also leads to tracking the activities of the users. Besides that, it can bypass JavaScript, and it can also pass through virtual private networks, which is another thing to worry about.

In the study, the team performed a test in platforms involving Apple M1, Samsung Exynos, Intel Core, and AMD Ryzen. When the experiment was finished, they found out that the Samsung Exynos and the Apple M1 SoCs posted the highest vulnerability level. 

This is rather alarming for Apple, as this is now the second vulnerability issued recorded in Apple M1 SoC in recent weeks. Silver Sparrow, an example of very harmful malware, was encountered by the researchers last February. 

The study was entitled "Prime+Probe 1, JavaScript 0: Overcoming Browser-based Side-Channel Defenses," which was published in the Cornell University Chronicle.

Read Also: Delayed Apple Card Payment Will Not Disable Your Apple ID, Says Company 

Unidentified Malware Has Infected Thousands of Macs 

New information revealed that nearly 30,000 Macs were infected, even though infection among the devices is only occasional. The information about this attack, however, is still lacking. 

Red Canary researchers came up with the Silver Sparrow, a malware that exploited MacOS. 

In addition, it functions as an instant data exporter, which can carry out tasks once per hour while infecting binary executions. During the time of writing, the said malware has not yet harmed any computers. 

You should know regarding Silver Sparrow that they can enable self-destruction, so users cannot see any trace of the malware in the devices.  

Besides, the third-party observer binaries in Intelx86 and Apple M! wrote "Hello World!' and "You Did it!" While these messages appear to be some simple programming, the moment you see these displays, a malware attack may have already been launched.

Red Canary also mentioned that due to CDNS and AWS Networks' ambiguous structure, tracking the malware will not be easy. 

As of Feb. 17, Red Canary said that in 153 countries, 29,139 macOS devices had been infected by the malware.

Related Article: Intel Side-Channel Attack Exposes Processors' Vulnerability to Data Theft 

This article is owned by Tech Times

Written by Joen Coronel

ⓒ 2024 TECHTIMES.com All rights reserved. Do not reproduce without permission.
Join the Discussion