Apple’s M series of chipsets has been gaining praise ever since its inception. In 2020, the Cupertino giant began transitioning to in-house chips for its Mac products and introduced the M1 chip to kick off the transition. The M1 – found inside the MacBook Air, MacBook Pro and Mac mini – was highly praised for its efficiency. However, researchers have found a new vulnerability that attacks M1’s “last line of security.” But Apple is not ‘worried’ about it.
A team of security researchers from MIT’s Computer Science and Artificial Intelligence Laboratory (MIT CSAIL) managed to defeat the M1’s security measures with a novel attack that combines memory corruption and speculative execution. They found that the chip’s last line of security, pointer authentication codes (PAC), can be breached through a hardware attack, allowing attackers to gain access to the Mac.
How does PACMAN affect the M1 chip?
Pointer authentication is a security feature that helps protect the CPU when an attacker gains access to memory. Pointers store memory addresses, and the pointer authentication code (PAC) checks for any unexpected pointer changes caused by an attack, stopping the attacker from gaining access to the system.
However, the team of researchers found a way to break the authentication feature and gain access to the system using the PACMAN attack. The attack finds the correct value needed to pass pointer authentication, allowing the attacker to continue with the attack.
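The pointer check described above can be modelled in software. The following is an added illustration, not code from the article, the researchers or Apple: it assumes 48-bit addresses with a 16-bit PAC in the upper pointer bits, and uses a simple keyed mixer as a stand-in for the hardware cipher. It shows why a pointer altered by memory corruption is rejected unless it carries the correct PAC.

```c
#include <stdint.h>
#include <stdio.h>

/* Model assumptions (not from the article): 48-bit addresses, so the top
 * 16 bits of a 64-bit pointer are free to hold the PAC. */
#define ADDR_MASK 0x0000FFFFFFFFFFFFULL
#define PAC_SHIFT 48

/* Constructed demo key; on real hardware the key is held in CPU registers
 * that user code cannot read. */
static const uint64_t DEMO_KEY = 0x9E3779B97F4A7C15ULL;

/* Stand-in keyed mixer (splitmix64 finalizer). Real hardware uses its own
 * keyed cipher; this one is NOT cryptographically secure. */
static uint64_t mix(uint64_t x) {
    x ^= x >> 30; x *= 0xBF58476D1CE4E5B9ULL;
    x ^= x >> 27; x *= 0x94D049BB133111EBULL;
    x ^= x >> 31;
    return x;
}

/* PAC = top 16 bits of a keyed function of (address, context). */
static uint64_t pac_compute(uint64_t addr, uint64_t context) {
    return mix(mix(addr ^ DEMO_KEY) ^ context) >> PAC_SHIFT;
}

/* Sign: place the PAC in the unused upper bits of the pointer. */
uint64_t pac_sign(uint64_t ptr, uint64_t context) {
    uint64_t addr = ptr & ADDR_MASK;
    return addr | (pac_compute(addr, context) << PAC_SHIFT);
}

/* Authenticate: recompute the PAC; return the plain address on a match,
 * 0 on a mismatch (hardware instead yields a pointer that faults on use). */
uint64_t pac_auth(uint64_t signed_ptr, uint64_t context) {
    uint64_t addr = signed_ptr & ADDR_MASK;
    if ((signed_ptr >> PAC_SHIFT) != pac_compute(addr, context)) return 0;
    return addr;
}

int main(void) {
    uint64_t ret_addr = 0x0000000100003F40ULL;  /* constructed address */
    uint64_t ctx = 0x000000016FDFF000ULL;       /* constructed context value */
    uint64_t s = pac_sign(ret_addr, ctx);
    printf("intact:   0x%016llx\n", (unsigned long long)pac_auth(s, ctx));
    /* Corruption changes the address bits but leaves the old PAC behind. */
    uint64_t tampered = (s & ~ADDR_MASK) | 0x0000000100004000ULL;
    printf("tampered: 0x%016llx\n", (unsigned long long)pac_auth(tampered, ctx));
    return 0;
}
```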
The researchers at MIT say that the attack involves the hardware itself, so a software patch would not be able to fix this issue. An attacker also does not need physical access to the system to execute PACMAN. Nor is the PACMAN vulnerability limited to the M1 chip: other ARM chips from Apple also use PAC, including both M-series and A-series chips.
Apple acknowledged the PACMAN vulnerability and released a statement reading, “We want to thank the researchers for their collaboration as this proof of concept advances our understanding of these techniques. Based on our analysis as well as the details shared with us by the researchers, we have concluded this issue does not pose an immediate risk to our users and is insufficient to bypass operating system security protections on its own.”
The MIT CSAIL team will be revealing more details about the PACMAN vulnerability on June 18 at the International Symposium on Computer Architecture.