MIT Researchers Uncover a Hidden M1 Chip Flaw and What It Means for Your MacBook

How MIT’s Custom OS Exposed a Hidden M1 Chip Flaw

To move beyond improvised testing tools, a team of MIT researchers built a new operating system from scratch, called Fractal, specifically to study how modern processors behave. Unlike general-purpose platforms such as macOS, Fractal strips the system down to essentials, giving researchers precise, low-level control over the hardware and eliminating background noise that can distort results. Running on x86_64, ARM64, and RISC-V, and equipped with familiar tools like Vim, GCC, and the Dash shell, Fractal lets existing research workflows migrate with minimal friction. When the team ran Apple’s M1 chip under this “microscope of operating systems,” they uncovered a previously undetected flaw tied to speculative execution and security boundaries. The discovery shows that even widely deployed and heavily tested chips can still hide corner-case behaviours that standard operating systems and conventional testing techniques simply don’t reveal.

Inside the M1 Chip Flaw: CSV2, Cache Fetches, and Phantom Speculation

At the heart of the newly uncovered M1 chip flaw is CSV2, a built-in protection mechanism meant to keep code from crossing security boundaries inside the processor. Under normal conditions, CSV2 does its job: it stops code from actually executing on the wrong side of a boundary. However, the MIT team found that even when CSV2 prevents execution, the M1 still quietly pulls the data into its cache first. That prefetch behaviour is a potential foothold for a processor vulnerability, because an attacker does not need to execute the forbidden code directly: the timing and cache effects it leaves behind can be enough to infer sensitive information. Fractal also revealed that “phantom speculation”—a subtle class of speculative execution exploit previously observed only on Intel and AMD processors—appears on Apple Silicon as well. In short, the MacBook processor issue doesn’t break CSV2 outright, but it shows that speculative work the chip was “never supposed to do” can still occur behind the scenes.

Why Previous Tests Missed the MacBook Processor Issue

One of the most striking outcomes of the Fractal project is that it overturned earlier research on the M1’s branch predictor, especially on the chip’s efficiency cores. Previous work had suggested a particular part of the branch predictor was safe on those cores. Under Fractal’s tighter control, MIT researchers showed that conclusion was wrong. The key, according to lead researcher Joseph Ravichandran, is that privilege level—not the core itself—was driving whether an attack succeeded. On macOS, the operating system was quietly moving the test process between cores, masking the true behaviour of the predictor and leading to a misleading result. Fractal, by contrast, locks experiments down so that changes in privilege, cores, and context are explicit and observable. This episode highlights a broader problem: modern processors are so complex that ordinary OS scheduling can hide critical microarchitectural details from even diligent security testing.

Real-World Impact on Apple M1 Performance and Security

For everyday MacBook users, the immediate impact of this M1 chip flaw appears limited, but it is not trivial from a security standpoint. The issue is fundamentally about speculative execution and cache behaviour rather than a simple software bug. It does not suggest that M1-based laptops are suddenly unsafe to use, and there is no indication of widespread exploitation in the wild. However, the finding adds another entry to the growing list of speculative execution risks, where attackers can potentially extract information without breaking traditional software protections. Because the flaw resides in how the hardware speculates and fills its cache, fully patching it could require microcode or architectural changes, not just app updates. Apple’s security team has already been briefed and has examined both the findings and Fractal, which is a critical first step toward assessing whether mitigations can be rolled into firmware updates or must wait for new chip generations.

What This Means for Future Apple Silicon and Testing Methodologies

Beyond the specific M1 chip flaw, the MIT work underscores that current processor testing methodologies and tools may not be enough to surface all microarchitectural risks. Fractal’s 31,000-plus lines of code are designed as a reusable platform, not a one-off test harness, so other researchers can now probe x86_64, ARM64, and RISC-V processors with similarly fine-grained control. For Apple, this discovery will likely inform how future Apple Silicon generations are validated, particularly around speculative execution, branch prediction, and internal protections like CSV2. While Apple has not publicly detailed any changes in newer chips in response to this research, the existence of a cross-vendor issue like phantom speculation suggests ongoing collaboration between hardware makers and the security community will be essential. For users, the practical takeaway is that chip security is a moving target—and specialized research OSes like Fractal will be key to keeping future MacBooks resilient.
