Researchers find ‘uncorrectable’ Apple chip defect


Researchers at the Massachusetts Institute of Technology (MIT) have discovered a vulnerability in a security system on Apple’s M1 chip. The vulnerability allows hackers to discover the Pointer Authentication Code (abbreviated PAC), a feature that prevents attacks that inject malicious code into a device’s memory. Since PAC is a security feature in the chip itself, that is, a protection built into the hardware, this vulnerability cannot be fixed by a system update.

Generally, when a malicious program attempts to inject code into device memory, it needs to know this pointer authentication code to succeed. If the code is incorrect, the program will crash and the PAC will change. The researchers created an attack that bypasses this crash mechanism and discovers the pointer authentication code.



The researchers take advantage of a feature of ARM-architecture chips called speculative execution: to make tasks faster, these processors execute functions before it is known whether they will be requested. In other words, the processor prepares for some possible user actions even before they are performed.

They tested various pointer authentication codes and were able to tell whether each guess was correct from the speculation performed by the chip itself. The researchers dubbed this attack PACMAN.
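A toy model of why the crash matters, added here as an illustration and not taken from the researchers or Apple: a wrong code normally crashes the process and changes the key, so guesses cannot accumulate, while a check whose failures stay silent leaves only the small space of possible codes. The 16-bit code width, the 48-bit address width, the use of HMAC-SHA256 as the tagging function, and all names are assumptions of this model, not details of the M1.

```python
import hashlib
import hmac
import secrets

PAC_BITS = 16    # assumed tag width for this model
ADDR_BITS = 48   # assumed width of the address part of a 64-bit pointer
ADDR_MASK = (1 << ADDR_BITS) - 1


class PacFault(Exception):
    """Raised when a pointer fails authentication (the 'crash')."""


class ToyProcess:
    """Process whose pointers carry a keyed tag in their unused upper bits."""

    def __init__(self):
        self.crashes = 0
        self._key = secrets.token_bytes(16)

    def _tag(self, addr, context):
        # HMAC-SHA256 stands in for the hardware tagging function (assumption).
        msg = addr.to_bytes(8, "little") + context.to_bytes(8, "little")
        digest = hmac.new(self._key, msg, hashlib.sha256).digest()
        return int.from_bytes(digest[:PAC_BITS // 8], "little")

    def sign(self, addr, context):
        addr &= ADDR_MASK
        return (self._tag(addr, context) << ADDR_BITS) | addr

    def matches(self, signed, context):
        """Silent comparison: models a check whose failure has no visible effect."""
        return signed >> ADDR_BITS == self._tag(signed & ADDR_MASK, context)

    def authenticate(self, signed, context):
        """Normal check: a wrong tag crashes the process and changes the key."""
        if self.matches(signed, context):
            return signed & ADDR_MASK
        self.crashes += 1                    # each failure is a visible event
        self._key = secrets.token_bytes(16)  # restart: earlier guesses are wasted
        raise PacFault(hex(signed))


def guesses_needed_when_silent(proc, addr, context):
    """Tries needed once wrong guesses stop crashing: at most 2**PAC_BITS."""
    for n, tag in enumerate(range(1 << PAC_BITS), start=1):
        if proc.matches((tag << ADDR_BITS) | addr, context):
            return n
    raise AssertionError("unreachable: every tag value was tried")
```

In the model, every failed `authenticate` call increments `crashes`, which is the signal a defender can monitor; the silent path produces no such signal.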

PACMAN attacks by themselves cannot penetrate computer systems. The M1 chip has several layers of protection, the last being the PAC. Therefore, PACMAN is only useful if a malicious program has already breached all other layers and needs to break pointer authentication. The PACMAN attack is only responsible for breaking the last security barrier facing this malicious program.


The vulnerability could affect all Apple devices with M1, M1 Pro, and M1 Max chips, such as iPad, MacBook Pro, MacBook Air, iMac, Mac Studio, and Mac mini. The team responsible for PACMAN warns, however, that the vulnerability affects not only Apple chips, but all other ARM-based processors that use pointer authentication as a security mechanism and have speculative execution. It is not yet possible to test whether PACMAN will work on the M2 chip, the new processor Apple recently announced.

In a note to the website TechCrunch, Apple spokesman Scott Radcliffe thanked the researchers for their collaboration on the proof of concept to advance understanding of these technologies. He also said that, based on the Apple team’s analysis and the details shared by the MIT researchers, they concluded that the issue does not put any users at immediate risk, and that the attack is not sufficient to compromise the security of the computer’s operating system.
