Scientists from the Computer Science and Artificial Intelligence Laboratory of the Massachusetts Institute of Technology (MIT) have disclosed a new attack methodology that exploits a hardware vulnerability in the Apple M1 series of chips using a new PACMAN techniques for data theft. This flaw could theoretically allow attackers to gain full access to the core of the operating system.
Indeed, the researchers say the attack could potentially allow access to the operating system's kernel; giving attackers full control over the system through a combination of software and hardware attacks.
"PACMAN" is an attack that can find the correct value to pass authentication by pointer so that the hacker can continue to access the computer. Pointer authentication is a security feature that helps protect the CPU from an attacker who has gained access to memory. Pointers store memory addresses, and the pointer authentication code (PAC) checks for unexpected pointer changes caused by an attack.
The Apple M1 chip has weak protection
"The idea of ββpointer authentication is that if all else fails, you can still rely on it to prevent attackers from taking over your system," said Joseph Ravichandran, one of the co-authors. So the MIT team discovered a method that uses speculative execution methods to bypass pointer authentication and thus break the last line of defense available to Apple's chips.
Unfortunately for the American manufacturer, this attack demonstrates that hackers can prevent pointer authentication without leaving a trace. Unlike previous M1 chip software flaws, this one uses a hardware mechanism, so no software patch can fix it.
Soon after the article was published, Apple was pretty confident. "Based on our analysis, as well as the details shared with us by the researchers, we have concluded that this issue does not pose an immediate risk to our users and is not sufficient to bypass system protections." According to Apple, Mac users don't have to worry about their devices being hacked.
