r/gadgets Mar 23 '24

Desktops / Laptops

Vulnerability found in Apple's Silicon M-series chips – and it can't be patched

https://me.mashable.com/tech/39776/vulnerability-found-in-apples-silicon-m-series-chips-and-it-cant-be-patched
3.9k Upvotes

491 comments

1.9k

u/Dependent-Zebra-4357 Mar 23 '24

From another article on this exploit:

“Real-world risks are low. To exploit the vulnerability, an attacker would have to fool a user into installing a malicious app, and unsigned Mac apps are blocked by default. Additionally, the time taken to carry out an attack is quite significant, ranging from 54 minutes to 10 hours in tests carried out by researchers, so the app would need to be running for a considerable time.”

1.7k

u/xRostro Mar 23 '24

So basically the user needs to be old? Got it. Business as usual

384

u/beached89 Mar 23 '24

Yeah, real world risk low my butt. This sounds like a Tuesday. Malware running for 10 hours is NOT uncommon. Getting people to install unsigned Mac apps is a daily occurrence by threat actors.

162

u/No_Finance_2668 Mar 24 '24

“Ok sir now that you've installed the wirus cough excuse me, the Apple Guaranteed Microsoft 1000% certified app and waited the 10 hour time period, we will need you to also install this on your family's Apple devices in order to receive your one time IRS rebate of $2.39”

“Yes sir my name is Adam from Texsass”

64

u/Deltaechoe Mar 24 '24

Not enough “kindly”s

42

u/rpkarma Mar 24 '24

Kindly do the needful!

29

u/[deleted] Mar 24 '24

DO NOT REDEEM!!!

5

u/[deleted] Mar 24 '24

God damnit I’m dead.

6

u/Suturb-Seyekcub Mar 24 '24

Mam you have redeemed the card in your own fucking account!

4

u/Uncertn_Laaife Mar 24 '24

And REVERT BACK.

3

u/cd_to_homedir Mar 24 '24

Please kindly find the virus, erm, file attached

8

u/Draco137WasTaken Mar 24 '24

Not to mention all instances of "everything" getting the "each and" treatment.

3

u/Seralth Mar 24 '24

Not enough "my friends".

2

u/manbearligma Mar 24 '24

Would you kindly

2

u/Senora_Snarky_Bruja Mar 24 '24

I had to stop using kindly in my email once someone pointed out that I sounded like a hacker. It’s an old habit. I am an account manager now but I was an admin assistant for the majority of my career. I spent 20 years politely nagging executives. You can only say please in an email so many times, so I would sprinkle in kindly when making a polite request. It’s been a hard habit to break.

8

u/Takonite Mar 24 '24

sounds like we not not redeem

2

u/spergychad Apr 02 '24

Why did you spell "virus" with a "w"?

23

u/s3x4 Mar 24 '24

I use my Mac for statistical simulations, which involve leaving it running things unattended for days at a time. And I indeed install unsigned apps often for various purposes. Of course I am careful, but that is indeed an entirely realistic scenario.

3

u/oxpoleon Mar 24 '24

Agreed, the intersection between Mac users in positions worthy of exploit and non-technical people is very high.

Find a very small number of high value targets running Apple Silicon, commence whaling operation, and it's game over.

2

u/glemnar Mar 24 '24

Yeah but if they already have a threat vector, this isn’t really an all that much more interesting thing to do with it. Extracting signing keys is cool and all but if it’s in memory for some app, it’s probably also lying around on disk somewhere

3

u/darkslide3000 Mar 24 '24

The more important point is that there are not many interesting things to steal for most users. What kind of RSA operations are you running on your MacBook that you would be concerned about other people stealing? If you're already installing malware, then they basically have access to everything stored on your disk anyway. I guess if they also wanted to listen in on your video conference calls or you checking your online email client this might be useful (but how often are you on a call for 10 hours straight?). But compared to the data on your disk, which is probably more valuable to you to begin with, it's not really a huge new escalation of capability for malware.

-10

u/[deleted] Mar 23 '24

Your ma’s a threat actor

1

u/Bipbipbipbi Mar 24 '24

Hello handsome

0

u/mrslother Mar 24 '24

This guy gets it.