Researchers at MIT CSAIL (Computer Science and Artificial Intelligence Laboratory) have discovered a vulnerability in Apple’s M1 processor that has some features in common with Meltdown and Specter vulnerabilities, including in relation to speculative driving.
Bachman
Weakness is required Bachman They can be used to bypass the Pointer Authentication Codes (PAC) security feature in the M1 processor. This is a technology developed by Arm to enforce pointer safety. This would make it difficult for attackers to inject malicious code into the device’s memory. The M1 processor is the first desktop processor to implement this functionality, but Apple has also been using PACs in mobile processors since 2018. It’s unclear if these could also be vulnerable to attack.
Bachmann alone is not enough to carry out attacks. Alternatively, PACMAN can amplify attacks that exploit memory-related software vulnerabilities. Then there may be a possibility to run an arbitrary code.
This is no coincidence, as the researchers wanted to see in advance what could be achieved by combining hardware and software vulnerabilities, by hacking into a mechanism designed to protect software.
guess guess
To carry out such an attack, a mechanism is required by MIT researchers called the PAC Oracle, which can tell that the PAC matches a specific index. PAC Oracle guesses all possible PAC values. To avoid breakdowns, each guess is made speculative.
Although the PACMAN vulnerability cannot be patched with software, researchers believe that M1-based Mac users have good reason to worry about the PACMAN vulnerability as long as they keep the software updated on the system.
There are no immediate risks
Letic Crunch Apple, which became aware of the vulnerability in 2021, stated that the company concluded that this vulnerability does not pose an immediate risk to users, and that it alone is not sufficient to circumvent security protections in operating systems.
However, the researchers believe that PACMAN’s discovery should be taken into account in future solutions.
Future CPU designs must make sure that this attack is taken into account when building security systems for tomorrow. Developers should make sure they don’t rely solely on pointer authentication to protect their software, says Joseph Ravichandran, a doctoral student at MIT CSAIL and co-author of Scientific articleAnd the In a press release.
Oguri
PACMAN is not the first vulnerability found in Apple’s M1 processor.
In 2021, the attack technology was called Oguri Discussed by a group of researchers. This technique could theoretically be used to leak preloaded data which is never used in actual instructions.
In practice, this technique was considered completely harmless.
“Explorer. Unapologetic entrepreneur. Alcohol fanatic. Certified writer. Wannabe tv evangelist. Twitter fanatic. Student. Web scholar. Travel buff.”
