A flaw in the design of the chip allows any two applications running under the control of the system to exchange data without using memory, sockets, files, or other “normal” OS capabilities.
The programmer who discovered the error notes that during production the company decided to violate the ARM specifications by removing one of the required functions. The company may have believed that macOS would never need this component.
Since the vulnerability is at the hardware level, it cannot be fixed without a new chip revision with improvements. Devices already released and sold cannot be corrected.
Fortunately, the vulnerability poses a small threat, and Martin also considers it non-critical.
The company is aware of the M1 vulnerability. They believe that attackers will not be able to use it, since the data transfer process works exclusively within one PC and only when a special send command is initiated, and transmission to the external environment is impossible without the user’s permission.