CoreSight is not Apple proprietary, it’s part of ARM’s offering. This vulnerability appears to be part of CoreSight.

> but I believe the ARM one is basically from-scratch

You are wrongly believing then. There’s still a bunch of ARM IP in their CPU.