Scientists at MIT Computer Science & Artificial Intelligence Laboratory (CSAIL) have unveiled a new attack methodology that exploits a hardware vulnerability in Apple’s M1 series of chips by using a new PACMAN technique to steal data. This flaw could theoretically allow malicious actors to gain full access to the core operating system kernel.
Indeed, the researchers say the attack can potentially allow access to the operating system kernel; giving attackers full control of a system through a combination of software and hardware attacks.
“PACMAN” is an attack capable of finding the correct value to pass pointer authentication; so that a hacker can continue to access the computer. Pointer authentication is a security feature that helps protect the central processing unit against an attacker who has gained access to memory. Pointers store memory addresses, and Pointer Authentication Code (PAC) checks for unexpected pointer changes caused by an attack.
Apple M1 chip has a security weakness
“The idea behind pointer authentication is that if all else fails, you can still rely on it to prevent attackers from taking over your system,” said Joseph Ravichandran, one of the co-authors. of the paper. The MIT team has therefore discovered a method exploiting speculative execution techniques to bypass pointer authentication, and thus break the last line of defense available to Apple’s chips.
Unfortunately for the American manufacturer, this attack demonstrates that hackers can thwart the pointer authentication without leaving a trace. Unlike previous M1 chip software flaws, this one uses a hardware mechanism, so no software patch can fix it.
Shortly after the article was published, Apple was quite confident. “Based on our analysis as well as the details shared with us by the researchers; we have concluded that this issue poses no immediate risk to our users; and is insufficient to bypass system security protections”. According to Apple, Mac users therefore should not fear for their devices from hacking.