apple: Apple not 'worried' about the latest security attack on the M1 chip
A team of security researchers from MIT's Computer Science and Artificial Intelligence Laboratory (MIT CSAIL) managed to defeat M1's security measures, breaching the chip's last line of security, the PAC (pointer authentication codes). The researchers developed a novel attack combining memory corruption and speculative execution, bypassing M1's security. They found that the chip's last line of security, often known as PAC (pointer authentication codes), can be breached through a hardware attack allowing attackers to gain access to the Mac.
How does the PACMAN affect the M1 chip?
Pointer Authentication is a security feature that helps protect the CPU when an attacker gains access to memory. So, there are pointers which save memory addresses, while the pointer authentication code (PAC) checks for any unexpected pointer changes caused by the attack, and stops the attacker from getting the system access.
However, the team of researchers found a way to break the authentication feature thus gaining access to the system using the PACMAN attack. The vulnerability finds the correct value to authenticate the pointer authentication, allowing the hacker to continue with the attack.
The researchers at MIT say that the attack involves a hardware device so a software patch would not be able to fix this issue. Also, an attacker does not need physical access to the system to execute PACMAN. Also, the PACMAN vulnerability is not just limited to the M1 chip as other ARM chips from Apple also use the PAC including both M-series and A-series chips.
Apple acknowledged the PACMAN vulnerability and released a statement reading, ?We want to thank the researchers for their collaboration as this proof of concept advances our understanding of these techniques. Based on our analysis as well as the details shared with us by the researchers, we have concluded this issue does not pose an immediate risk to our users and is insufficient to bypass operating system security protections on its own."
MIT CSAIL team will be revealing more details about the PACMAN vulnerability on June 18 at the International Symposium on Computer Architecture.
( Details and picture courtesy from Source, the content is auto-generated from RSS feed.)
Join our official telegram channel for free latest updates and follow us on Google News here.