New Vulnerability Discovered by Researchers in Apple M1 Chip

A vulnerability has been discovered in Apple devices by security researchers. The vulnerability, however, does not put devices at immediate risk.

The Apple M1 chip, which powers Apple products like the MacBook Pro and iPad Air, was discovered to have a security flaw that cannot be patched. The flaw was exposed in a newspaper by researchers from MIT Computer Science and Artificial Intelligence Laboratory (CSAIL).

It is known that Apple M1 chips have pointer authentication codes(PAC). PAC works by checking digital signatures to ensure that a program’s code has not been compromised. Pointer authentication makes sure bugs do not have an effect on systems.

Apple Vulnerability is Known as Pacman

An exploit was designed by MIT researchers, known as PACMAN. The researchers showed that the hardware property, PACMAN, is able to guess a value for the PAC and reveal whether the guess is correct. Although there are many possible values for PAC, they showed that PACMAN is able to test all values to find the correct one.

The newly founded PACMAN was able to defeat pointer authentication without leaving a trace, the researchers stated. it utilizes hardware mechanisms, so no software patch can ever fix it. PACMAN takes an existing bug that pointer authentication protects against and then unleashes that bug’s true potential by finding the correct PAC.

PACMAN, however, cannot compromise software without an existing software bug. Joseph Ravichandran, a PhD student in MIT CSAIL and co-lead author of the PACMAN newspaper, said: “The idea behind pointer authentication is that if all else has failed, you can still rely on it to prevent attackers from gaining control of your system.

We’ve shown that pointer authentication as the last line of defense isn’t as absolute as we once thought it was.” He further stated, “When pointer authentication was introduced, a whole category of bugs suddenly became a lot harder to use for attacks. With PACMAN making these bugs more serious, the overall attack surface could be a lot larger.”

Apple, hearing about the research, said in a statement to TechRadar that there is no immediate risk to users. The company said: “We want to thank the researchers for their collaboration as this proof of concept advances our understanding of these techniques.

Based on our analysis, as well as details shared with us by the researchers, we have concluded that this issue does not pose an immediate risk to our users and is insufficient to bypass operating system security protections on its own.”

More Study on PACMAN

PACMAN can also work against the kernel system, which points to authentication primarily protected. Attackers are able to gain access to a device once they are able to control the system kernel, the researchers stated.

“The team showed that the PACMAN attack even works on all ARM systems with pointer authentication enabled. Future CPU designers should take care to consider this attack when building the secure systems tomorrow. Developers should be careful not to solely rely on pointer authentication to protect their software,” says Joseph Ravichandran.

MIT professor and author Mengjia Yan also made a statement about the exploit, saying, “Software vulnerabilities have existed for roughly 30 years now. Researchers have come up with a way to mitigate them using various techniques such as ARM pointer authentication, which we are attacking now.

Our work provides insight into how software vulnerabilities that continue to exist as important mitigation methods can be bypassed via hardware attacks.”

“It’s a new way to look at this very long-lasting security threat model. Many other mitigation mechanisms exist that are not well studied under this new compounding threat model, so we consider PACMAN attack as a starting point. We hope PACMAN can inspire more work in this research direction community,” he concluded.

One thought on “New Vulnerability Discovered by Researchers in Apple M1 Chip

Comments are closed.