The chipsets of Apple’s M series have been garnering praise since the beginning. In 2020, the Cupertino giant began transitioning to in-house chips for Mac Introduced the M1 chip to overcome products and transitions. M1 – is found inside Macbook Air, Macbook Pro and the Mac Mini – highly praised for its efficiency. However, researchers have found a new vulnerability that attacks M1’s “last line of defence.” but Apple Not ‘worried’ about it.
A team of security researchers from MIT’s Computer Science and Artificial Intelligence Laboratory (MIT CSAIL) managed to defeat the M1’s security measures, breaching the chip’s last line of security, pac (pointer authentication code). Researchers developed a new attack combining memory corruption and speculative execution, bypassing M1’s security. They found that the chip’s last line of security, often referred to as a PAC (Pointer Authentication Code), could be breached through a hardware attack, allowing attackers to gain access to the MAC.
how does pacman Affects the M1 chip?
Pointer authentication is a security feature that helps protect the CPU when an attacker gains access to memory. So, there are pointers that save the memory address, while the Pointer Authentication Code (PAC) checks for any unexpected pointer changes caused by the attack, and prevents the attacker from gaining system access.
However, the team of researchers found a way to breach the authentication feature and thus gain access to the system using the PACMAN attack. The vulnerability pointer finds the correct value to authenticate, allowing the hacker to continue the attack.
MIT researchers say a hardware device is involved in the attack, so a software patch won’t be able to fix the problem. Also, an attacker does not need physical access to the system to execute PACMAN. Furthermore, the PACMAN vulnerability is not limited to the M1 chip as Apple’s other ARM chips also use PAC, including both M-series and A-series chips.
Apple acknowledged the PACMAN vulnerability and issued a statement saying, “We would like to thank the researchers for their cooperation as this proof of concept advances our understanding of these technologies. Together with our analysis by the researchers Based on the details shared with us, we have concluded that this issue does not pose an immediate risk to our users and is insufficient to bypass operating system security protections on its own.
The MIT CSAIL team will reveal more details about the PACMAN vulnerability on June 18 at the International Symposium on Computer Architecture.