Recently Uncovered Unfixable Vulnerability in Apple M1's Security System
The phenomenal performance and efficiency of Apple's M1 chips have sparked a renaissance in MacBook sales, but MIT researchers have identified a potential weakness. In a recent paper, MIT Computer Science & Artificial Intelligence Laboratory (CSAIL) scientists unveiled a vulnerability in the M1 chip's "last line of security." This flaw, theoretically, could serve as a gateway for malicious actors to gain access to the core operating system kernel.
However, Mac owners need not fret just yet. Though this is a noteworthy vulnerability, MIT researcher Joseph Ravichandran, the lead author of the paper, said that the conditions for exploitation are currently unlikely to occur: an attacker would first need an existing memory-corruption bug in the software under attack, so the finding is not, by itself, cause for immediate concern.
Apple acknowledged the MIT researchers' findings and thanked them for their collaboration in a statement to TechCrunch. The tech giant maintained that the vulnerability does not pose an immediate danger to its users, as the flaw alone cannot bypass operating system security protections.
The flaw concerns Apple's use of Pointer Authentication, an ARM feature that detects tampering with pointers stored in memory. Each protected pointer (a return address or a function pointer, for example) is signed with a short cryptographic tag, the Pointer Authentication Code (PAC), which is kept in the otherwise-unused upper bits of the 64-bit pointer. A pointer whose PAC no longer matches fails authentication, so a memory-corruption bug that overwrites it cannot simply redirect control flow. This is why MIT called the mechanism the "last line of defense." The research team discovered that this line of protection can nonetheless be breached. Enter MIT's PACMAN attack.
PACMAN exploits the fact that the PAC is short: only a limited number of candidate values exist, and an attacker who can already corrupt a pointer needs only the right one. Guessing normally carries a price, because a wrong PAC triggers an authentication failure that crashes the program or the kernel. PACMAN removes that price: the researchers test a candidate PAC speculatively and observe through a microarchitectural side channel whether it would have authenticated, so wrong guesses leave no trace and the whole candidate space can be enumerated until the correct value is found, Ravichandran cautioned. Because the attack relies on hardware behaviour rather than a software bug, no software patch can close it, which is what makes it "unfixable" in the sense of the headline.
Pointer Authentication is a feature of the ARMv8.3-A architecture rather than an Apple invention, so the weakness is not confined to the M1, which is simply the processor on which the researchers demonstrated the attack. MIT warned that developers should not rely solely on pointer authentication for protection, and that designers of future secure systems should take this class of attack into account.
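To make the mechanism concrete, here is an added simulation, written for this page and not taken from Apple or from the MIT researchers' paper, of how a PAC protects a pointer and why a crash-free way to test guesses defeats it. It assumes a 16-bit PAC, a fixed secret key, and a simple keyed hash standing in for the hardware block cipher; the sample addresses, the context modifier and the `crash_free_oracle` function are constructed for illustration and model, not reproduce, the side channel the paper uses.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Toy model of ARMv8.3-A Pointer Authentication plus a PAC brute-force that
 * has a crash-free oracle. Added illustration only: not Apple's
 * implementation and not the PACMAN paper's code. Real cores derive the PAC
 * with a block cipher keyed from privileged system registers; here a
 * splitmix64 finalizer keyed by an assumed constant stands in for it so the
 * program runs on any host. The PAC width is an assumption. */

#define PAC_BITS  16u
#define PAC_SHIFT (64u - PAC_BITS)
#define PAC_MASK  (((uint64_t)1 << PAC_BITS) - 1)
#define PTR_MASK  (~(PAC_MASK << PAC_SHIFT))

/* Assumed secret key: visible to the "hardware", never to the attacker. */
static const uint64_t SECRET_KEY = 0x9E3779B97F4A7C15ull;

/* Real hardware returns a canonically invalid address on failure so that the
 * next use of the pointer faults; this poison bit models that. */
#define AUTH_FAIL_POISON ((uint64_t)1 << 61)

static uint64_t mix64(uint64_t x) {
    x ^= x >> 30; x *= 0xBF58476D1CE4E5B9ull;
    x ^= x >> 27; x *= 0x94D049BB133111EBull;
    x ^= x >> 31;
    return x;
}

/* PAC for a pointer under a context modifier (for return addresses the
 * modifier is typically the stack pointer). Only the PAC field is returned. */
static uint64_t compute_pac(uint64_t ptr, uint64_t modifier) {
    return mix64((ptr & PTR_MASK) ^ modifier ^ SECRET_KEY) & PAC_MASK;
}

/* Like PACIA: store the PAC in the upper bits the address does not use. */
uint64_t pac_sign(uint64_t ptr, uint64_t modifier) {
    return (ptr & PTR_MASK) | (compute_pac(ptr, modifier) << PAC_SHIFT);
}

/* Like AUTIA: recompute and compare; strip the PAC on success, poison on
 * failure. Changing the address bits, the PAC bits or the context yields a
 * poisoned pointer and, on real hardware, a crash on the next use. */
uint64_t pac_auth(uint64_t signed_ptr, uint64_t modifier) {
    uint64_t plain = signed_ptr & PTR_MASK;
    uint64_t pac   = (signed_ptr >> PAC_SHIFT) & PAC_MASK;
    if (pac != compute_pac(plain, modifier))
        return plain | AUTH_FAIL_POISON;
    return plain;
}

bool auth_failed(uint64_t p) { return (p & AUTH_FAIL_POISON) != 0; }

/* What a memory-corruption bug gives the attacker: an arbitrary 64-bit write
 * over a signed pointer. They choose the target address but must supply a
 * PAC for it without knowing the key. */
uint64_t forge_with_guess(uint64_t target, uint64_t pac_guess) {
    return (target & PTR_MASK) | ((pac_guess & PAC_MASK) << PAC_SHIFT);
}

/* Constructed oracle answering "would this candidate authenticate?" without
 * an architectural fault. It stands in for the speculative-execution side
 * channel; in the real attack the answer comes from cache timing. */
typedef bool (*pac_oracle_t)(uint64_t candidate, uint64_t modifier);

bool crash_free_oracle(uint64_t candidate, uint64_t modifier) {
    return !auth_failed(pac_auth(candidate, modifier));
}

/* Enumerate every PAC value for the target through the oracle. Returns the
 * correctly signed pointer and reports how many guesses were needed. Without
 * the oracle each wrong guess would be a crash (or a kernel panic), which is
 * exactly why a short PAC still works as a last line of defence. */
uint64_t brute_force_pac(uint64_t target, uint64_t modifier,
                         pac_oracle_t oracle, uint64_t *attempts) {
    *attempts = 0;
    for (uint64_t guess = 0; guess <= PAC_MASK; guess++) {
        uint64_t candidate = forge_with_guess(target, guess);
        (*attempts)++;
        if (oracle(candidate, modifier))
            return candidate;
    }
    return 0; /* unreachable here: exactly one guess authenticates */
}

int main(void) {
    const uint64_t ret_addr  = 0x100004000ull;  /* constructed sample address */
    const uint64_t stack_ctx = 0x16f5a3e80ull;  /* constructed sample modifier */

    uint64_t signed_ptr = pac_sign(ret_addr, stack_ctx);
    printf("signed   : 0x%016llx\n", (unsigned long long)signed_ptr);
    printf("auth ok  : %d\n", !auth_failed(pac_auth(signed_ptr, stack_ctx)));

    /* Reusing the stored PAC for a different address almost always fails. */
    uint64_t hijacked = forge_with_guess(0x100008000ull, signed_ptr >> PAC_SHIFT);
    printf("hijack ok: %d\n", !auth_failed(pac_auth(hijacked, stack_ctx)));

    uint64_t attempts = 0;
    uint64_t forged = brute_force_pac(0x100008000ull, stack_ctx,
                                      crash_free_oracle, &attempts);
    printf("forged   : 0x%016llx after %llu guesses (max %llu)\n",
           (unsigned long long)forged, (unsigned long long)attempts,
           (unsigned long long)(PAC_MASK + 1));
    return 0;
}
```

Build with `cc -std=c11 -Wall pac_sim.c -o pac_sim && ./pac_sim`. The part worth noticing is the loop in `brute_force_pac`: its worst case is 2^PAC_BITS guesses, a trivially small number for a tag that must fit in the spare bits of a pointer, and the only thing keeping that loop impractical on real hardware is that each wrong guess is a crash. An oracle that answers without faulting, which is what the speculative side channel provides, turns the last line of defence into a short enumeration.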
Separately, and unrelated to the MIT findings, a US District Judge dismissed a class-action lawsuit against Apple for allegedly selling devices with Spectre- and Meltdown-vulnerable processors. The customers failed to provide sufficient evidence that they had overpaid for devices because of hidden defects or had suffered significant performance loss after the mitigations were applied.
- Despite the vulnerability MIT identified in the M1 chip's "last line of security," the paper's lead author said the conditions for exploitation are currently unlikely, and Apple said the flaw alone cannot bypass its operating system protections.
- The PACMAN attack, developed by MIT researchers, exploits the vulnerability in Apple's use of Pointer Authentication, which could potentially allow malicious actors to bypass security protections.
- In response to the PACMAN attack, MIT urged developers to not rely solely on pointer authentication for protection and advised designers of future secure systems to be mindful of this vulnerability.
- Separately, a class-action lawsuit against Apple for selling Spectre- and Meltdown-vulnerable processors was dismissed by a US District Judge for lack of sufficient evidence.