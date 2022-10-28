At best deals,

O asahi is a project created to take the Linux to Macs equipped with Apple Silicon chips (M1 and M2). What no one expected is that this work would help Apple fix a flaw that affects not only Macs, but also iPhones and iPads. It all starts with the efforts of a developer who identifies as Asahi Lina.

Apple M1 chip (image: reproduction/Apple)

At the helm of Asahi Linux is developer Hector Martin, also known as Marcan. Thanks to his work, Apple Silicon Macs have supported Linux since kernel version 5.13, although this support is not yet complete.

Marcan is not alone in this endeavor. One of the most recent advances of the project is a driver for the GPU of Apple Silicon chips that already allows the execution of some games. Yes, Asahi Lina is the one behind this feat.

It is obvious that Asahi Lina is a fictitious name. On Twitter, the developer claims to be a “VTuber”, that is, a virtual youtuber, who uses a digital avatar to identify herself. In her channel, she celebrated the fact that the Gnome environment and applications like Firefox run on a Mac with M1 thanks to the driver in question.

How does Apple get into this story?

Apple has no interest in seeing Linux running on Macs with an M1 or M2 chip. Because of this, the company does not provide complete documentation or any other help that pave the way for other operating systems on its platform.

To make Linux a reality on these Macs, Asahi developers resort to complex techniques, most notably reverse engineering. That’s basically how Lina managed to get the project’s GPU driver so far.

Everything indicates that, during this work, the developer found a flaw that affects the GPU controllers of several Apple devices. The vulnerability was reported and acknowledged by the company, which credited Asahi Lina with the discovery.

On Twitter, the developer celebrated the recognition, and rightly so. After all, the flaw allows the execution of malicious code with administrator privileges on the system. The bug is serious, therefore.

The issue affects not only Macs, but iPhones (version 8 and up), all models of the iPad Pro, the iPad Air (third generation or higher), the “normal” iPad (5th generation or higher) and the iPad Mini. (from the fifth generation).

Asahi Linux Desktop (image: The Register)

Got a reward?

In response to Lina’s tweet, someone commented “hope they pay you well”. She replied, “waiting for it”. And she can wait, really. It is Apple’s policy not only to recognize, but to reward reported vulnerabilities.

A recent example comes from developer Guilherme Rambo, who discovered a bug in iOS that allows apps to spy on Siri conversations. He was paid $7,000 for that.

It is unclear how much Lina will receive for her discovery. In fact, she claims that she still cannot give details on the matter. In any case, the developer promises to make an online broadcast about the flaw soon.

I know, there was a question in the air: who is Asahi Lina? There are strong indications that we are talking about Alyssa Rosenzweig, a developer who actively participates in the Asahi Linux project. On her website, she has already published several texts “dissecting” the Apple M1 GPU, starting with this one.