MIT researchers have found that Apple’s M1 chips have an “unpatchable” hardware vulnerability that could allow attackers to access processor cores.
Scientists at MIT Computer Science & Artificial Intelligence Laboratory (CSAIL) have unveiled a new attack methodology that exploits a hardware vulnerability in Apple’s M1 series of chips by using a new “PACMAN” technique to steal data. This flaw could theoretically allow malicious actors to gain full access to the core operating system kernel.
Indeed, the researchers claim that the attack can potentially allow access to the kernel of the operating system, thus giving attackers full control of a system by a combination of software and hardware attacks.
What is this new PACMAN flaw on M1 chips?
“PACMAN” is an attack developed by MIT CSAIL researchers that is capable of finding the correct value needed to pass pointer authentication, so that an attacker can keep accessing the machine. Pointer authentication is a security feature that helps protect the central processing unit against an attacker who has already gained access to memory. Pointers store memory addresses, and a Pointer Authentication Code (PAC) detects unexpected changes to a pointer caused by an attack.
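To make the mechanism concrete, here is an added toy model of pointer authentication in C; it is not Apple’s implementation or the MIT team’s code. It assumes 64-bit pointers with 16 unused high bits, a constructed key and a simple keyed hash standing in for the CPU’s PAC cipher, and shows a corrupted pointer and a replayed pointer both failing the check.

```c
#include <stdint.h>
#include <stdio.h>

#define PAC_SHIFT 48                          /* PAC sits in the top 16 bits */
#define ADDR_MASK ((1ULL << PAC_SHIFT) - 1)   /* the real address bits */

/* Constructed secret; on real hardware the key sits in privileged registers. */
static const uint64_t PAC_KEY = 0x9E3779B97F4A7C15ULL;

/* Toy keyed hash standing in for the CPU's PAC cipher: XOR-fold the input to
 * 16 bits, then scramble with invertible steps so distinct fold outputs stay
 * distinct. Deliberately simple; real CPUs use a block cipher. */
static uint16_t toy_pac(uint64_t addr, uint64_t ctx) {
    uint64_t x = addr ^ ctx ^ PAC_KEY;
    uint16_t h = (uint16_t)(x ^ (x >> 16) ^ (x >> 32) ^ (x >> 48));
    h = (uint16_t)(h * 0x9E37u);   /* odd multiplier: bijective mod 2^16 */
    h ^= (uint16_t)(h >> 8);       /* xorshift: also bijective */
    return (uint16_t)(h * 0x2F15u);
}

/* "Sign" (like pacia): compute the PAC over address and context and store it
 * in the unused high bits of the pointer. */
uint64_t pac_sign(uint64_t addr, uint64_t ctx) {
    uint64_t a = addr & ADDR_MASK;
    return a | ((uint64_t)toy_pac(a, ctx) << PAC_SHIFT);
}

/* "Authenticate" (like autia): recompute and compare. Returns the plain
 * address on success, 0 on failure (hardware instead poisons the pointer
 * so that using it faults). */
uint64_t pac_auth(uint64_t signed_ptr, uint64_t ctx) {
    uint64_t a = signed_ptr & ADDR_MASK;
    return (uint16_t)(signed_ptr >> PAC_SHIFT) == toy_pac(a, ctx) ? a : 0;
}

int main(void) {
    uint64_t ret = 0x100004000ULL, sp = 0x16FDFF000ULL; /* constructed values */
    uint64_t s = pac_sign(ret, sp);
    /* A ROP-style overwrite of the low address bits leaves a stale PAC. */
    uint64_t tampered = (s & ~0xFFFFULL) | 0x5000;
    printf("signed   %#llx ok=%d\n", (unsigned long long)s, pac_auth(s, sp) == ret);
    printf("tampered %#llx ok=%d\n", (unsigned long long)tampered,
           pac_auth(tampered, sp) != 0);
    printf("replayed under other context ok=%d\n", pac_auth(s, sp + 0x10) != 0);
    return 0;
}
```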
“The idea behind pointer authentication is that if all else fails, you can still rely on it to prevent attackers from taking over your system,” said Joseph Ravichandran, one of the paper’s co-authors. The MIT team discovered a method that uses speculative execution techniques to bypass pointer authentication, thereby breaking the last line of defense that Apple’s chips had.
Unfortunately for the American manufacturer, this attack demonstrates that pointer authentication can be thwarted without leaving a trace. Unlike previous M1 chip software flaws, this uses a hardware mechanism, so no software patch can fix it.
Shortly after the paper was published, Apple sounded quite confident: “Based on our analysis as well as the details shared with us by the researchers, we have concluded that this issue poses no immediate risk to our users and is insufficient to bypass system security protections on its own.” According to Apple, Mac users therefore do not need to worry about their devices being hacked.