Apple's M1 Silicon Has a New Cybersecurity Flaw, According to MIT – PACMAN

GadgetsCafe

Apple's M1 series of silicon processors can be found not only in its Mac Minis and MacBooks, but also in its iPads. A cybersecurity vulnerability in the SoC could therefore affect many modern Apple products if a malicious attack were to target them.


Following the announcement of Apple's new M2 silicon processors at Apple WWDC 2022, news broke that a security flaw had been found in the company's M1 silicon. According to MIT researchers, the newly discovered flaw defeats the M1 SoC's last line of defence and cannot be patched via software updates, as reported by Macworld and 9to5Mac.


The highly concerning vulnerability is known as "PACMAN" because it defeats the M1's Pointer Authentication Code (PAC) system.


Pointer authentication, according to Macworld, is a security feature that helps protect the CPU from an attacker who has gained memory access. Pointers are used to store memory addresses, and the pointer authentication code checks for unexpected pointer changes that could be caused by an attack. As part of its research, MIT CSAIL created "PACMAN," an attack that can find the correct value to successfully pass pointer authentication, so that a hacker can continue with access to the computer.
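To make the sign-and-check idea concrete, here is a toy software model added as an illustration; it is not Apple's or MIT's code. The 48-bit address width, the 16-bit code field, the mixing function and all sample values are assumptions of the model, not details taken from this article.

```c
#include <stdint.h>
#include <stdio.h>

#define ADDR_BITS 48                          /* assumed virtual-address width */
#define ADDR_MASK ((1ULL << ADDR_BITS) - 1)
#define PAC_MASK  0xFFFFULL                   /* assumed 16-bit code field */

/* Stand-in keyed mixer (splitmix64 finaliser), not the cipher real hardware uses. */
static uint64_t mix(uint64_t x) {
    x ^= x >> 30; x *= 0xbf58476d1ce4e5b9ULL;
    x ^= x >> 27; x *= 0x94d049bb133111ebULL;
    return x ^ (x >> 31);
}

/* The code is a truncated keyed hash of the address and a context value. */
static uint64_t pac_for(uint64_t addr, uint64_t ctx, uint64_t key) {
    return mix(mix(addr ^ key) ^ ctx) & PAC_MASK;
}

/* Sign: store the code in the otherwise unused upper bits of the pointer. */
uint64_t pac_sign(uint64_t ptr, uint64_t ctx, uint64_t key) {
    uint64_t addr = ptr & ADDR_MASK;
    return addr | (pac_for(addr, ctx, key) << ADDR_BITS);
}

/* Authenticate: return 1 and the plain address only if the stored code matches. */
int pac_auth(uint64_t signed_ptr, uint64_t ctx, uint64_t key, uint64_t *out) {
    uint64_t addr = signed_ptr & ADDR_MASK;
    if ((signed_ptr >> ADDR_BITS) != pac_for(addr, ctx, key)) return 0;
    *out = addr;
    return 1;
}

/* Count how many of the 65536 possible codes are accepted for one address. */
unsigned accepting_pacs(uint64_t addr, uint64_t ctx, uint64_t key) {
    unsigned n = 0; uint64_t out;
    for (uint64_t g = 0; g <= PAC_MASK; g++)
        n += pac_auth((addr & ADDR_MASK) | (g << ADDR_BITS), ctx, key, &out);
    return n;
}

int main(void) {
    const uint64_t key = 0x0123456789abcdefULL;   /* constructed sample key */
    uint64_t out = 0, good = pac_sign(0x100004000ULL, 7, key);
    uint64_t bad = good ^ 0x40;   /* constructed: address changed after signing */
    printf("original pointer authenticates: %d\n", pac_auth(good, 7, key, &out));
    printf("modified pointer authenticates: %d\n", pac_auth(bad, 7, key, &out));
    printf("codes accepted for the modified address: %u of 65536\n",
           accepting_pacs(bad, 7, key));
    return 0;
}
```

In this model only one code in 65536 is accepted for a given address, so the whole check rests on that value staying unknown to whoever modifies the pointer.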

MIT CSAIL's Joseph Ravichandran is the co-lead author of a paper explaining PACMAN, according to Macworld. "When pointer authentication was introduced, a whole class of bugs became much more difficult to exploit for attacks. The overall attack surface could be a lot larger now that PACMAN has made these bugs more serious."


A software patch will not fix the problem, according to MIT CSAIL, because the PACMAN attack involves a hardware device. The problem affects all ARM processors that use Pointer Authentication, not just the Apple M1. "Future CPU designers should keep this attack in mind when designing secure systems for the future," Ravichandran wrote. "Developers should be cautious about relying solely on pointer authentication to secure their software."

The PACMAN attack was carried out remotely by MIT. "PACMAN works just fine remotely if you have unprivileged code execution," the team says, adding that they did all of their experiments over the network on a machine in another room.


Apple is aware of the MIT CSAIL findings, according to Macworld, and has issued the following statement: "We want to thank the researchers for their collaboration as this proof of concept advances our understanding of these techniques. We have concluded that this issue does not pose an immediate risk to our users and is insufficient to bypass operating system security protections on its own, based on our analysis and the details shared with us by the researchers."
