Remember the Spectre and Meltdown CPU hardware vulnerabilities that became known in 2018? Now Apple faces a similar problem to Intel, AMD and ARM back then: there is a basically irreparable vulnerability in the M1 chip.
However, the exploitability of the Apple vulnerability is not comparable to the Spectre and Meltdown vulnerabilities. This is evident from media reports. The vulnerability was discovered by MIT researchers: a weakness in the chip design allows attackers to bypass pointer authentication in Apple M1 CPUs without leaving a trace. Once attackers have passed the security barrier, they can execute arbitrary code on Mac computers with an M1 CPU.
Pointer Authentication is a security feature that adds a cryptographic signature, known as a Pointer Authentication Code or “PAC”, to pointers, which allows the operating system to detect and block unexpected changes that would otherwise lead to data leaks or system damage. The attack that the MIT researchers devised is therefore called “PACman”.
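To make the check described above concrete, here is a toy software model of signing and authenticating a pointer; it is an added example, not Apple's implementation or code from the researchers. The 48/16-bit layout, the mixing function, the context value and the sample key and address are assumptions chosen for illustration, and the model shows only what PAC verifies, not the PACman bypass.

```c
#include <stdint.h>
#include <stdio.h>

/* Toy layout (assumption): 48-bit address in the low bits, 16-bit PAC on top. */
#define VA_BITS 48
#define VA_MASK ((1ULL << VA_BITS) - 1)

/* Stand-in keyed mixer, NOT the cipher real hardware uses. */
static uint64_t mix(uint64_t x) {
    x ^= x >> 30; x *= 0xbf58476d1ce4e5b9ULL;
    x ^= x >> 27; x *= 0x94d049bb133111ebULL;
    return x ^ (x >> 31);
}

/* PAC = truncated MAC over (address, context) under a secret key. */
static uint16_t pac_compute(uint64_t addr, uint64_t ctx, uint64_t key) {
    return (uint16_t)(mix(mix(addr ^ key) ^ ctx) >> 48);
}

/* Sign: place the PAC in the unused upper bits of the pointer. */
uint64_t pac_sign(uint64_t ptr, uint64_t ctx, uint64_t key) {
    uint64_t addr = ptr & VA_MASK;
    return addr | ((uint64_t)pac_compute(addr, ctx, key) << VA_BITS);
}

/* Authenticate: returns 1 and the stripped pointer only if the PAC matches. */
int pac_auth(uint64_t sp, uint64_t ctx, uint64_t key, uint64_t *out) {
    uint64_t addr = sp & VA_MASK;
    if ((uint16_t)(sp >> VA_BITS) != pac_compute(addr, ctx, key)) return 0;
    *out = addr;
    return 1;
}

/* Flip each of the 64 bits of a signed pointer in turn; count rejections. */
int tamper_sweep(uint64_t sp, uint64_t ctx, uint64_t key) {
    int rejected = 0;
    uint64_t out;
    for (int bit = 0; bit < 64; bit++)
        rejected += !pac_auth(sp ^ (1ULL << bit), ctx, key, &out);
    return rejected;
}

int main(void) {
    uint64_t key = 0x0123456789abcdefULL, ctx = 0x1000, out = 0; /* constructed values */
    uint64_t sp = pac_sign(0x00007ffdeadbeef0ULL, ctx, key);
    printf("signed=%#llx ok=%d\n", (unsigned long long)sp, pac_auth(sp, ctx, key, &out));
    printf("rejected %d of 64 single-bit corruptions\n", tamper_sweep(sp, ctx, key));
    return 0;
}
```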
PACman builds on other bugs
Threat actors who have physical access to a vulnerable Mac can bypass security and gain access to the file system. To do this, the attackers must first find a memory flaw in the target Mac’s software, one that PAC would normally block and that, once PAC protection is bypassed, can escalate into a more serious security vulnerability.
The flaw is in the CPU design and therefore cannot be completely fixed by software. So while Apple can’t patch the hardware to block attacks using this exploitation technique, the good news is that end users need not worry. As long as the software is up to date and free of bugs that could be exploited by PACman, you are safe.
Statement from Apple
“PACman is an exploitative technique – by itself it cannot compromise your system. While the hardware mechanisms used by PACman cannot be patched with software features, bugs that affect memory can be,” the researchers continued. They have passed on all findings to Apple and have been in contact for several months.
Apple is convinced that there is no immediate danger to users. “Based on our analysis and the details researchers have shared with us, we have concluded that this issue does not pose an immediate threat to our users and is not sufficient to circumvent device security alone,” an Apple spokesperson said.