Incident: Flaw in Apple's M1 CPU Creates Covert Channel Vulnerability

Published Date: 2021-05-30

Postmortem Analysis
Timeline
1. The software failure incident involving the flaw in Apple's new M1 CPU, known as M1racles, was reported on May 30, 2021 [114031].

System
1. Apple's M1 CPU
2. ARM CPUs
3. EL0 mode
4. macOS
5. Asahi Linux
6. m1n1 software

Responsible Organization
1. The software failure incident was caused by a flaw in Apple's new M1 CPU, specifically a covert channel that allows two or more malicious apps to communicate with each other [114031].

Impacted Organization
1. Mac users were impacted by the software failure incident [114031].

Software Causes
1. The software cause of the failure incident was a flaw in Apple's new M1 CPU that created a covert channel allowing two or more malicious apps to transmit information to each other [114031].

Non-software Causes
1. The flaw in the Apple M1 CPU was caused by a per-cluster system register in ARM CPUs that was accessible from EL0, a mode reserved for user applications, which made it possible to build a covert channel [114031].

Impacts
1. The software failure incident involving Apple's M1 CPU flaw created a covert channel that allowed two or more malicious apps to transmit information to each other without detection [114031].
2. The flaw, known as M1racles, was designated as vulnerability CVE-2021-30747 and violated the OS security model by enabling secret data transmission between processes running as different users and under different privilege levels [114031].
3. While the flaw was mainly harmless and could not be used to infect a Mac or steal data, it highlighted that chip flaws exist in CPUs, even in new architectures like the M1 [114031].
4. The incident showed that vulnerabilities can exist even in advanced CPUs and may require specialized equipment or virtual machine configurations to mitigate, which can carry a performance penalty [114031].

Preventions
1. Proper access control and privilege management mechanisms could have prevented the software failure incident by restricting unauthorized access to critical system registers like the one in the ARM CPUs [114031].
2. Regular security audits and code reviews could have helped identify the flaw in the M1 CPU earlier, allowing timely mitigation measures to be implemented [114031].
3. Stricter review processes for third-party applications on macOS and iOS could have reduced the likelihood of two malicious apps colluding to exploit the covert channel vulnerability [114031].

Fixes
1. Running the entire OS as a properly configured virtual machine to disable guest access to the register that causes the covert channel [114031].

References
1. Developer Hector Martin [114031]
2. Researcher Michael Schwartz [114031]

Software Taxonomy of Faults

Category | Option | Rationale
Recurring | unknown | (a) The software failure incident related to the flaw in Apple's new M1 CPU, known as M1racles, is specific to Apple products, particularly M1-based Macs. This incident has not been reported to have happened before within the same organization [114031]. (b) The article does not mention any similar incident happening at other organizations with their products or services, so there is no information available regarding this incident occurring at multiple organizations [114031].
Phase (Design/Operation) | design | (a) The software failure incident related to the design phase is evident in the flaw discovered in Apple's new M1 CPU. The flaw creates a covert channel that allows two or more malicious apps to transmit information to each other without using computer memory, sockets, files, or any other operating system feature. This flaw, named M1racles, violates the OS security model by enabling secret data transmission between processes running as different users and under different privilege levels [114031]. (b) A software failure incident related to the operation phase is not explicitly mentioned in the provided article.
Boundary (Internal/External) | within_system | (a) The software failure incident related to the flaw in Apple's new M1 CPU, known as M1racles, falls within the system boundary. The flaw creates a covert channel that allows two or more malicious apps already installed on a Mac to transmit information to each other without using computer memory, sockets, or any other operating system feature [114031]. This vulnerability is the result of a bug in the CPU architecture itself, specifically in a per-cluster system register in ARM CPUs accessible from EL0 mode, which is reserved for user applications [114031]. The flaw cannot be used by exploits or malware to steal or tamper with data on a machine; it can only be abused by malicious apps that are already installed on the system [114031].
Nature (Human/Non-human) | non-human_actions | (a) The software failure incident in Article 114031 occurred due to a flaw in Apple's new M1 CPU that created a covert channel allowing two or more malicious apps to transmit information to each other. The flaw was found by developer Hector Martin and was related to a per-cluster system register in ARM CPUs accessible from EL0 mode, which allowed the covert channel to be created [114031]. (b) The software failure incident in Article 114031 was not directly caused by human actions but by a design flaw in the CPU architecture that enabled the creation of a covert channel for communication between malicious apps. The flaw was discovered by a developer who stumbled upon it while working on a project to port Linux to M1-based Macs [114031].
Dimension (Hardware/Software) | hardware, software | (a) The software failure incident in Article 114031 is related to hardware. The flaw in Apple's new M1 CPU that creates a covert channel allowing two or more malicious apps to transmit information to each other originates from a per-cluster system register in ARM CPUs accessible from EL0 mode, which is a hardware-level issue [114031]. The bug cannot be patched or fixed in existing chips, indicating a hardware-level limitation [114031]. (b) The software failure incident in Article 114031 is also related to software. The flaw, known as M1racles, allows surreptitious communication between apps running on macOS, indicating a software vulnerability [114031]. The bug is exploited by two or more malicious apps that have already been installed on a Mac, which makes it a software-level issue as well [114031].
Objective (Malicious/Non-malicious) | malicious | (a) The software failure incident related to the flaw in Apple's new M1 CPU is considered malicious. The flaw creates a covert channel that can be exploited by two or more malicious apps to transmit information to each other surreptitiously. This communication channel violates the OS security model and allows secret data exchange between processes running as different users and under different privilege levels [114031].
Intent (Poor/Accidental Decisions) | accidental_decisions | (a) The software failure incident related to the flaw in Apple's new M1 CPU, known as M1racles, was not due to poor decisions but to an accidental decision or mistake. Developer Hector Martin stumbled upon the flaw while using a tool called m1n1 and initially thought it was a proprietary feature. It was later discovered that the behavior was a bug that even Apple developers were not aware of. This accidental discovery led to the identification of the vulnerability in the CPU [114031].
Capability (Incompetence/Accidental) | accidental | (a) A software failure incident related to development incompetence is not evident in the provided article. (b) A software failure incident related to accidental factors is evident in the article. The flaw in Apple's new M1 CPU, known as M1racles, was discovered by a developer named Hector Martin while using a tool called m1n1. Initially, Martin thought the behavior was a proprietary feature and openly discussed it in developer forums before realizing it was a bug that even Apple developers were unaware of. This indicates that the flaw was accidental and not intentionally introduced [114031].
Duration | permanent | (a) The software failure incident related to the flaw in Apple's new M1 CPU, known as M1racles, is considered permanent. The flaw, designated CVE-2021-30747, is a vulnerability that violates the OS security model by allowing covert communication between two or more malicious apps already installed on a Mac [114031]. The bug cannot be patched or fixed in existing chips, and users concerned about the flaw have no recourse other than running the entire OS as a properly configured virtual machine, which incurs a serious performance penalty [114031]. This indicates that the flaw is permanent and cannot be completely resolved without significant trade-offs in performance.
Behaviour | value, other | (a) crash: The article does not mention any crash related to the software failure incident reported [114031]. (b) omission: The software failure incident reported in the article does not involve the system omitting to perform its intended functions at one or more instances [114031]. (c) timing: The software failure incident reported does not involve a timing failure, i.e., the system performing its intended functions correctly but too late or too early [114031]. (d) value: The software failure incident involves the system performing its intended functions incorrectly, since the article describes a flaw in the Apple M1 CPU that creates a covert channel allowing two or more malicious apps to transmit information to each other [114031]. (e) byzantine: The software failure incident does not involve the system behaving erroneously with inconsistent responses and interactions [114031]. (f) other: The behavior of the software failure incident consists of a flaw in the system that creates a covert channel for two or more malicious apps to communicate, violating the OS security model and allowing unauthorized data exchange between processes [114031].

IoT System Layer

Layer | Option | Rationale
Perception | None | None
Communication | None | None
Application | None | None

Other Details

Category | Option | Rationale
Consequence | no_consequence, theoretical_consequence | The consequence of the software failure incident discussed in the article is mainly theoretical. The flaw in Apple's M1 CPU, known as M1racles, creates a covert channel that allows two or more malicious apps to communicate with each other. However, the developer who discovered the flaw stated that it is mainly harmless because it cannot be used to infect a Mac or steal data. The vulnerability is more notable for showing that chip flaws exist in virtually all CPUs, even new ones. There were discussions about potential consequences such as bypassing sandboxing on iPhones, but no real observed consequences were reported [114031].
Domain | other | (a) The software failure incident related to the flaw in Apple's new M1 CPU was primarily in the technology industry, specifically affecting Mac users [114031]. The flaw allowed covert communication between two or more malicious apps already installed on a Mac, bypassing certain security measures.
