Apple is under pressure: its M1 processors are apparently vulnerable to a rather worrying attack called Pacman. A demonstration will take place in a few days. Apple remains silent.
Security experts from the prestigious MIT (Massachusetts Institute of Technology) say they have succeeded in “bringing down the last line of security” of Apple's M1 processors. On June 18, they will demonstrate their work at the International Symposium on Computer Architecture.
In designing its M1 processors, Apple obviously made every effort to protect its chips as much as possible against all types of attacks. One of the most important security layers developed for this purpose is known by the acronym PAC (for pointer authentication code), which these researchers from the Computer Science and Artificial Intelligence Laboratory (CSAIL) say they have managed to defeat with an exploit dubbed Pacman.
As our American colleagues from Macworld explain: “Pointer Authentication is a security feature that helps protect the CPU against an attacker who has accessed memory. Pointers store memory addresses and the Pointer Authentication Code (PAC) checks for unexpected pointer changes caused by an attack.”
However, “MIT CSAIL discovered that the implementation of pointer authentication in M1 processors can be overcome with a hardware attack […] Pacman is an attack that, in effect, is able to find the correct value to successfully pass pointer authentication, so that a hacker can accordingly gain access to the computer.”
Other affected ARM processors
“When pointer authentication was introduced, a whole category of bugs suddenly became much more difficult to exploit for attacks and hacks. With Pacman making these bugs much more serious, overall attacks could be much broader,” commented Joseph Ravichandran, co-author of an article presenting Pacman in the MIT review.
According to this team of researchers, other ARM processors on the market are also vulnerable to this type of attack. Is this the case for the new M2 processors recently announced by Apple? The researchers have not yet had a chance to check.
For now, there is some doubt as to whether this security flaw can be plugged with a software patch. Initially, the CSAIL team presented Pacman as a hardware attack that required the use of a dedicated accessory. This prompted Macworld to conclude that the risk posed by this flaw in a real-world situation was quite low, given that physical access to an M1 Mac would be needed to hack it. However, the researchers clarified to 9to5mac that this is not the case. The attack does indeed take place at the hardware level, but it can in principle be triggered remotely.
Although vulnerabilities have already been reported in M1 chips (M1racles or Augury), their scope was very limited. Pacman could pose a much more serious threat to these processors. Apple has yet to comment, but its technical teams have been fully briefed on the issue by the MIT security researchers.