The M1 chip is currently Apple's most powerful processor to date, but that power comes with a flaw that will surely keep people talking for months. Researchers from MIT ran a series of tests and found a vulnerability in the chip's hardware that is unlikely to ever be patched.
Pointer authentication codes (PAC) are the feature at fault, and it is worth remembering that this exploit works at the hardware level, meaning Apple cannot simply ship an update overnight and have everything solved. PAC is responsible for keeping attackers at bay, especially those who rely on buffer overflows and other memory-corruption attacks.
A group of researchers from MIT devised an attack on the chip's hardware that renders PAC useless. The exploit leaves no trace, which is very alarming because no patch can protect Apple devices from attacks that use this approach.
The MIT researchers named their attack "Pacman," a nod to the faulty PAC hardware in the Apple M1 chip. The attack uses speculative execution to guess the signature that confirms to the chip that nothing suspicious has happened to a pointer. The technique causes PAC values to leak, and a side channel is used to confirm whether each guess is right or wrong.
The number of possible PAC values is also limited, so given the speed of this technique an attacker can be expected to try every value until the correct one is found.
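To make concrete what PAC protects and why its value space is small, here is a toy model of pointer authentication written for this article; it is not Apple's or ARM's implementation and it does not model the speculative-execution or side-channel parts of the attack. The model assumes 48-bit virtual addresses, so the signature is squeezed into the 16 unused upper bits of a 64-bit pointer, and it uses a truncated HMAC in place of the real hardware cipher. The `sign_pointer`, `authenticate_pointer` and `corrupt_pointer_is_rejected` names are this example's own.

```python
"""Toy model of pointer authentication codes (PAC).

Constructed for illustration: real hardware uses a dedicated block cipher and
its own bit layout, and the attack discussed in the article is not modeled.
"""
import hashlib
import hmac

VA_BITS = 48                                 # assumed virtual-address width
PAC_BITS = 64 - VA_BITS                      # PAC lives in the unused upper bits
ADDR_MASK = (1 << VA_BITS) - 1
PAC_MASK = ((1 << PAC_BITS) - 1) << VA_BITS


def compute_pac(key: bytes, address: int, context: int = 0) -> int:
    """Keyed MAC over (address, context), truncated to PAC_BITS bits.

    The truncation is the point: only 2**PAC_BITS distinct signatures exist,
    however strong the underlying MAC is.
    """
    msg = address.to_bytes(8, "little") + context.to_bytes(8, "little")
    digest = hmac.new(key, msg, hashlib.sha256).digest()
    return int.from_bytes(digest[:8], "little") & ((1 << PAC_BITS) - 1)


def sign_pointer(key: bytes, pointer: int, context: int = 0) -> int:
    """Embed the PAC of the pointer's address bits into its upper bits."""
    address = pointer & ADDR_MASK
    return address | (compute_pac(key, address, context) << VA_BITS)


def authenticate_pointer(key: bytes, signed_pointer: int, context: int = 0) -> int:
    """Return the plain address if the PAC matches; raise if it does not.

    On real hardware a mismatch poisons the pointer or faults on use, which
    is what stops a corrupted return address or function pointer from being followed.
    """
    address = signed_pointer & ADDR_MASK
    expected = compute_pac(key, address, context)
    if (signed_pointer & PAC_MASK) >> VA_BITS != expected:
        raise ValueError("pointer authentication failed")
    return address


def corrupt_pointer_is_rejected(key: bytes, pointer: int, context: int = 0) -> bool:
    """Model an overflow that overwrites the address bits of a signed pointer
    while keeping the old PAC, and report whether authentication catches it."""
    signed = sign_pointer(key, pointer, context)
    tampered = (signed & PAC_MASK) | ((pointer + 0x10) & ADDR_MASK)
    try:
        authenticate_pointer(key, tampered, context)
        return False
    except ValueError:
        return True


def pac_search_space() -> int:
    """Number of distinct PAC values an attacker would have to tell apart."""
    return 1 << PAC_BITS


if __name__ == "__main__":
    key = b"\x01" * 16                       # constructed demo key
    ptr = 0x00007FFF_DEAD_BEE0               # constructed demo address
    signed = sign_pointer(key, ptr)
    print(f"signed pointer: {signed:#018x}")
    print(f"authenticates to: {authenticate_pointer(key, signed):#x}")
    print(f"tampered pointer rejected: {corrupt_pointer_is_rejected(key, ptr)}")
    print(f"possible PAC values: {pac_search_space()}")
```

The model shows both sides of the article's point: an overwritten pointer that keeps a stale PAC fails authentication, which is the defense against memory corruption, but with only 2^16 possible signatures the protection rests on an attacker never learning which guess is right without triggering a fault. A mechanism that answers that question silently, as the article describes, is what removes the defense.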
MIT student and co-lead author of the research Joseph Ravichandran confirms that the exploit can be executed against the Apple device's kernel. According to him, this flaw will mean a lot for future ARM systems that use PAC. He also added that PAC is supposed to be the last line of defense; even if everything else fails, the purpose of PAC is that you can still rely on it.
The PAC feature in question is currently present in Apple's latest devices built on the M1 chip and its variants. Other chip companies have also announced that PAC will come to their newest chips. With Apple's M2 chip incoming, MIT has yet to test its PAC implementation.
The M2 chip is an upcoming processor that would be Apple's direct challenge to Windows. The M1's popularity since its release in 2020 has been immense, and it also shows how committed Apple is to growing its share of the desktop and laptop market. The M2 chip will debut in Apple's renowned MacBook Air and 13-inch MacBook Pro.
The upcoming Apple M2 chip is reported to have 25% more transistors and 50% more bandwidth than its predecessor.
The MIT researchers behind the novel attack that exposed PAC's flaws published their research, and only after publication did Apple comment on the findings. Scott Radcliffe, Apple's spokesperson, thanked the researchers for their efforts but asserted that the bypass would not be an effective way to gain access to and exploit the operating system and its security features.