MIT's New Fractal OS Strips CPUs Naked and Exposes Apple M1 Flaw
While tech giants build thicker digital fortress walls, some geniuses at MIT decided to just tear down the house. Meet a stripped-down operating system designed solely to look straight into the silicon—and guess what? Apple's chip is sweating.
Graduate student Joseph Ravichandran from the MIT Computer Science and Artificial Intelligence Laboratory spent months coding in Assembly, C, and C++ to build Fractal, an operating system whose sole purpose is to completely strip away standard security shields.
Modern platforms like macOS and Windows are packed with protective layers and virtual memory tricks that keep things running smoothly, but they also act like a noisy curtain for security researchers. Debugging on bare metal with zero standard tools is a masochistic art; for weeks, the author's only sign of life from the computer was a blinking power LED on a Mac mini.
In place of these layers, Fractal uses cooperative multitasking and a custom memory system called gmap, which ensures that physical memory addresses do not jump around between tests. This pristine testing environment allowed the researcher to expose a previously unknown Phantom speculation vulnerability in the Apple M1 chip.
While chipmakers previously assumed this specific predictive-execution loophole only haunted Intel and AMD, the silicon savior from Cupertino turned out to be just as vulnerable. Fortunately for the trillion-dollar company, this particular hardware flaw does not seem to result in malicious instructions being executed on the M1, and the details have already been quietly handed over to Apple's security team.
The barebones operating system is not a one-trick pony, as it also runs on newer Apple silicon like the M4, standard Intel and AMD personal computers, and even the humble Raspberry Pi. The entire kernel has been uploaded to GitHub under an open-source license.
The realization that critical vulnerabilities are increasingly hiding deep within physical silicon, far below the reach of traditional antivirus software, is a sobering reality check for the industry. While software patches can be deployed overnight, fixing baked-in hardware design flaws requires a level of physical rebuilding that tech giants are desperately trying to ignore.
Source: IEEE Spectrum