MIT researchers use a technique inspired by Meltdown and Spectre to bypass a fundamental memory-protection mechanism of the M1 processor.
You may remember Meltdown and Spectre, those incredible attacks that relied on a fundamental feature of recent processors: speculative execution. The processors pre-execute instructions which have a high probability of arriving in the flow of calculation, without validating them. This saves a lot of time, but also introduces new risks, especially for Intel processors.
It is now Apple's turn to face this particularly thorny and complex kind of problem. A group of MIT researchers has just revealed an attack called "PACMAN" that allows malicious code to bypass an important memory-protection mechanism in the M1 processor and execute arbitrary code in the kernel without having any special privileges to begin with.
Pointers in sight
This mechanism is the "Pointer Authentication Code" (PAC). A pointer is a variable that holds the memory address of a block of data. The PAC is a hash embedded in the pointer that makes it possible to verify the pointer's integrity. Thanks to it, many memory bugs can no longer be exploited: as soon as the system encounters a pointer with an invalid hash, the process is deliberately crashed. It is therefore impossible for an attacker to find a valid hash by brute force. At least in theory.
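To make the mechanism described above concrete, here is a small simulation of pointer authentication. It is an added example written for this article, not code from the MIT researchers or from Apple. It assumes a 48-bit virtual address with the PAC stored in the 16 unused upper bits, and it stands in HMAC-SHA256 for the keyed block cipher the hardware actually uses; the key, addresses and the "modifier" value (the context a real PAC is also bound to) are constructed for the demo. A mismatch raises an exception, which plays the role of the fault that kills the process.

```python
import hashlib
import hmac

# Assumed layout: 48 address bits, 16 spare upper bits carry the PAC.
VA_BITS = 48
PAC_BITS = 64 - VA_BITS
VA_MASK = (1 << VA_BITS) - 1
PAC_MASK = (1 << PAC_BITS) - 1


class PacFault(Exception):
    """Stands in for the fault the CPU raises on an invalid PAC."""


def compute_pac(key: bytes, ptr: int, modifier: int) -> int:
    """Keyed tag over (address, modifier), truncated to PAC_BITS.

    HMAC-SHA256 is a stand-in for the hardware cipher (assumption); what
    matters is that the tag depends on a secret key, the address and a
    context value, so a pointer signed for one context is not valid in another.
    """
    msg = (ptr & VA_MASK).to_bytes(8, "little") + modifier.to_bytes(8, "little")
    tag = hmac.new(key, msg, hashlib.sha256).digest()
    return int.from_bytes(tag[: (PAC_BITS + 7) // 8], "little") & PAC_MASK


def sign(key: bytes, ptr: int, modifier: int) -> int:
    """Embed the PAC in the upper bits of a canonical pointer."""
    if ptr & ~VA_MASK:
        raise ValueError("pointer already uses the upper bits; cannot sign")
    return ptr | (compute_pac(key, ptr, modifier) << VA_BITS)


def authenticate(key: bytes, signed_ptr: int, modifier: int) -> int:
    """Recompute the PAC; on mismatch, fault instead of returning a pointer.

    Every failed attempt costs the attacker the whole process, which is why
    guessing a 16-bit PAC by brute force (65536 candidates) is not practical
    when the only feedback is a crash.
    """
    addr = signed_ptr & VA_MASK
    presented = (signed_ptr >> VA_BITS) & PAC_MASK
    if not hmac.compare_digest(
        presented.to_bytes(2, "little"),
        compute_pac(key, addr, modifier).to_bytes(2, "little"),
    ):
        raise PacFault(f"invalid PAC on pointer {signed_ptr:#018x}")
    return addr


def flip_pac_bit(signed_ptr: int, bit: int) -> int:
    """Corrupt one bit of the PAC field (used below to show detection)."""
    return signed_ptr ^ (1 << (VA_BITS + bit))


if __name__ == "__main__":
    key = bytes(range(16))          # constructed demo key
    target = 0x7FFF_DEAD_BEEF       # constructed demo address
    ctx = 42                        # constructed demo modifier

    p = sign(key, target, ctx)
    print(f"signed pointer   : {p:#018x}")
    print(f"authenticated    : {authenticate(key, p, ctx):#x}")

    for label, bad in (
        ("PAC bit flipped", flip_pac_bit(p, 3)),
        ("address redirected", (p & ~VA_MASK) | 0x7FFF_C0DE_0000),
    ):
        try:
            authenticate(key, bad, ctx)
            print(f"{label:20}: accepted (PAC collision)")
        except PacFault:
            print(f"{label:20}: rejected, process would crash")
```

The redirected-address case is rejected with overwhelming probability rather than with certainty: a 16-bit tag collides once in 65536 tries, which is exactly the odds an attacker faces per guess when each wrong guess ends the process.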
Indeed, without going into too much detail, the researchers use a mispredicted branch of speculative execution to test hash values en masse. Even when the values are wrong it does not matter, because the instructions will never be committed and the process stays alive. The hash values are tested through a side channel tied to the M1's Translation Lookaside Buffer (TLB). The TLB is a processor cache that speeds up the translation of virtual memory addresses into physical memory addresses.
Reverse-engineered the M1
The researchers reverse-engineered the M1's TLB, which lets them observe indirectly whether it has been modified. When they load a forged pointer and the TLB changes, the hash is correct. The attacker can then use that pointer to execute malicious code, including in the kernel's memory space. It's the jackpot!
Because it stems from the processor's micro-architecture, this attack cannot be patched. Apple, however, remains unruffled and plays down the significance of the disclosure.
"We would like to thank the researchers for their collaboration, as this proof of concept advances our understanding of these techniques. Based on our analysis as well as the details shared with us by the researchers, we have concluded that this issue poses no immediate risk to our users and is insufficient to bypass the operating system's security protections on its own," Apple said in a statement.
Indeed, an attacker must not only be able to manipulate the speculative execution paths, but also have an exploitable memory bug with which to carry out the hash tests. Technically, the attack is therefore difficult to pull off, which is why Apple may be right not to worry too much. For now, in any case, the PACMAN technique has not been observed in real attacks. Fingers crossed.