On 2022-06-10 17:58, NewsKrawler wrote:

https://gizmodo.com/apple-m1-chip-security-vulnerability-pacman-unpatchable-1849046101
Newly Discovered Apple M1 Security Flaw is Unpatchable

MIT Computer Science & Artificial Intelligence Laboratory (CSAIL)
scientists revealed in a recent paper a vulnerability in what they call the "last line of security" for the M1 chip.

Same article: QUOTE
M1 Mac owners don’t need to worry about having their sensitive data
stolen. While this is a severe vulnerability that will need to be
addressed, certain unlikely conditions need to be in place for it to
work. Foremost, the system under attack needs to have an existing memory corruption bug. As such, the scientists say there is “no cause for
immediate alarm.”

For its part, Apple thanked the researchers in a statement to TechCrunch
but emphasized that the “issue” doesn’t pose an immediate risk to
MacBook owners.

“We want to thank the researchers for their collaboration as this proof
of concept advances our understanding of these techniques,” Apple said. “Based on our analysis as well as the details shared with us by the researchers, we have concluded this issue does not pose an immediate
risk to our users and is insufficient to bypass operating system
security protections on its own.”

/QUOTE

... and much more ... it's a last line after many other lines have been breached ...

IOW not much ado ...


--
"Mr Speaker, I withdraw my statement that half the cabinet are asses -
half the cabinet are not asses."
-Benjamin Disraeli

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

https://gizmodo.com/apple-m1-chip-security-vulnerability-pacman-unpatchable-1849046101
Newly Discovered Apple M1 Security Flaw is Unpatchable

MIT Computer Science & Artificial Intelligence Laboratory (CSAIL)
scientists revealed in a recent paper a vulnerability in what they call the "last line of security" for the M1 chip.

Apple thanked the researchers in a statement to TechCrunch but emphasized
that the "issue" doesn't pose an immediate risk to MacBook owners.

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

On 2022-06-10, Alan Browne <bitbucket@blackhole.com> wrote:

it's a last line after many other lines have been breached ...

It's a lifetime hardware design flaw.

The key concern is that it's unpatchable which makes it likely malware
actors will find it profitable to spend resources to closely focus on exploiting any current or inevitable future zero-day cracks in the armor
that accidentally arise during the expected lifetime of the M1 hardware.

https://www.techradar.com/news/apple-m1-chip-has-an-unpatchable-security-flaw-but-dont-panic-just-yet
Apple M1 chip has an 'unpatchable' security flaw, but don't panic just yet

PACMAN, the exploit that the MIT researchers designed, relies on a
combination of software and hardware exploits that test whether a signature
is accepted, and since there are only a finite number of possible
signatures, it is possible for PACMAN to try them all, find out which one
is valid, and then have a separate software exploit use that signature to bypass this final defense mechanism in the M1 chip.

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

On 2022-06-10 18:16, NewsKrawler wrote:

On 2022-06-10, Alan Browne <bitbucket@blackhole.com> wrote:

it's a last line after many other lines have been breached ...

It's a lifetime hardware design flaw.

The key concern is that it's unpatchable which makes it likely malware
actors will find it profitable to spend resources to closely focus on exploiting any current or inevitable future zero-day cracks in the armor
that accidentally arise during the expected lifetime of the M1 hardware.

Reality: more likely they'll look at the obstacles to even getting
within sight of the flaw and go looking for more likely to succeed attacks.

--
"Mr Speaker, I withdraw my statement that half the cabinet are asses -
half the cabinet are not asses."
-Benjamin Disraeli

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

On 2022-06-10, Alan Browne <bitbucket@blackhole.com> wrote:

Reality: more likely they'll look at the obstacles to even getting
within sight of the flaw and go looking for more likely to succeed attacks.

Your view of reality works only as long as there are no software flaws
during the life of the M1 hardware which bad actors can then use to take advantage of this permanent and now well known unpatchable hardware flaw.

However if related software flaws do exist during the lifetime of the M1,
and if actors care to exploit them, then they gain absolute full control.

My view of reality is actors certainly will try but your version of reality that bad actors won't care to look to gain this full control is as valid.

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

On 2022-06-11 10:56, NewsKrawler wrote:

On 2022-06-10, Alan Browne <bitbucket@blackhole.com> wrote:

Reality: more likely they'll look at the obstacles to even getting
within sight of the flaw and go looking for more likely to succeed attacks.

Your view

My view is based on the reality of the situation, not a sieve of wonderment.

You have a talent for posting clicky titles, but little for
understanding what lies beneath the surface.


--
"Mr Speaker, I withdraw my statement that half the cabinet are asses -
half the cabinet are not asses."
-Benjamin Disraeli

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

On 2022-06-11, Alan Browne <bitbucket@blackhole.com> wrote:

My view is based on the reality of the situation, not a sieve of wonderment.

I'm not prepared to agree with you as glibly as you make that claim.

Your view depends on actors not caring to attempt to exploit this permanent design flaw in the M1 hardware that is now widely known around the world.

My view depends on actors caring to try in software to exploit this
permanent unpatchable M1 hardware flaw during the life of the M1 hardware.

Your view is as valid as is mine at this stage of the situation.

You have a talent for posting clicky titles

I reported the title exactly as it was reported in that news report.
I then provided two sentences from the article which were also exact.

The first quote reported the flaw exactly as it was stated.
The second quote reported Apple's exact response to the flaw.

From the two quoted sentences you glibly assumed I don't understand?
I could argue you don't have enough data to make that glib assumption.

but little for understanding what lies beneath the surface.

Your view is as valid as is mine as this is a newly published M1 flaw.

I could argue your position relies on zero actors wanting to exploit the
flaw while my position relies on one or more actors wanting to exploit it.

Over the life of the M1 hardware.

My position realistically relies on a statistical probability greater than zero. Your position glibly requires a statistical probability of zero.

Over the life of the M1 hardware.

I argue you & I don't have enough data to resolve that statistical discord. Over time we will be able to resolve the statistical discord with new data.

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

NewsKrawler <newskrawl@krawl.org> wrote:

Your view of reality works only as long as there are no software flaws
during the life of the M1 hardware which bad actors can then use….

Bad actors? You mean like Keanu Reeves?

Of you do actually mean CRIMINALS?

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

On 2022-06-12 17:17, Bob Campbell wrote:

NewsKrawler <newskrawl@krawl.org> wrote:

Your view of reality works only as long as there are no software flaws
during the life of the M1 hardware which bad actors can then use….

Bad actors? You mean like Keanu Reeves?

Of you do actually mean CRIMINALS?

Does the term "criminal act" ring a bell with you?

--
"Mr Speaker, I withdraw my statement that half the cabinet are asses -
half the cabinet are not asses."
-Benjamin Disraeli

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

Alan Browne <bitbucket@blackhole.com> wrote:

On 2022-06-12 17:17, Bob Campbell wrote:

NewsKrawler <newskrawl@krawl.org> wrote:

Your view of reality works only as long as there are no software flaws
during the life of the M1 hardware which bad actors can then use….

Bad actors? You mean like Keanu Reeves?

Of you do actually mean CRIMINALS?

Does the term "criminal act" ring a bell with you?

Yes, of course. That’s why they are called CRIMINALS. Not “bad actors”. 🙄

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

On 2022-06-12 20:15, Bob Campbell wrote:

Alan Browne <bitbucket@blackhole.com> wrote:

On 2022-06-12 17:17, Bob Campbell wrote:

NewsKrawler <newskrawl@krawl.org> wrote:

Your view of reality works only as long as there are no software flaws >>>> during the life of the M1 hardware which bad actors can then use….

Bad actors? You mean like Keanu Reeves?

Of you do actually mean CRIMINALS?

Does the term "criminal act" ring a bell with you?

Yes, of course. That’s why they are called CRIMINALS. Not “bad actors”.
🙄

Given your pedantic first shot I'm not surprised you're trying "squirm
out of it" mode.


--
"Mr Speaker, I withdraw my statement that half the cabinet are asses -
half the cabinet are not asses."
-Benjamin Disraeli

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)