"MIT Researchers Uncover ‘Unpatchable’ Flaw in Apple M1 Chips"

Security researchers at MIT have discovered that Apple's M1 chips have an "unpatchable" hardware vulnerability that could allow attackers to break through the chip's last line of security defenses. The vulnerability lies in a hardware-level security mechanism used in Apple M1 chips called pointer authentication codes (PAC). This feature makes it much harder for an attacker to inject malicious code into a device's memory and provides a level of defense against buffer overflow exploits, a type of attack that forces memory to spill over into other locations on the chip.

The researchers, however, have created a novel hardware attack that combines memory corruption and speculative execution attacks to sidestep the security feature. They stated that the attack shows that pointer authentication can be defeated without leaving a trace, and because it exploits a hardware mechanism, no software patch can fix it.

The attack, appropriately called "Pacman," works by "guessing" a pointer authentication code (PAC), a cryptographic signature that confirms that an app hasn't been maliciously altered. The guessing is done using speculative execution, a technique modern processors use to speed up performance by speculatively running ahead on various lines of computation, to leak PAC verification results, while a hardware side channel reveals whether or not the guess was correct. The researchers also found that since there are only so many possible values for the PAC, it is possible to try them all to find the right one.

The researchers stated that if not mitigated, their attack will affect the majority of mobile devices and likely even desktop devices in the coming years. They presented their findings to Apple and noted that the Pacman attack isn't a "magic bypass" for all security on the M1 chip; it can only be used against an existing bug that pointer authentication protects against.


Tech Crunch reports: "MIT Researchers Uncover ‘Unpatchable’ Flaw in Apple M1 Chips"