Apple M1 chip has an ‘unpatchable’ security issue, so don’t fear


Because of a hardware trick, the M1 attack cannot be patched by a software update.

A new MIT study shows that the microprocessor powering everything from the Apple MacBook Pro to the most recent iPad Air has a serious security flaw that cannot be patched by a software update.

Researchers from MIT’s Computer Science and Artificial Intelligence Laboratory (CSAIL) have discovered an exploitable hole in the chip’s pointer authentication mechanism (PAC). PAC checks a cryptographic signature on a pointer to see whether a programme’s code or control data has been maliciously altered.


Because there are only a finite number of possible signature values, the PACMAN attack, which combines a software exploit with a hardware side channel, can try them all, find the one that is valid, and then use that signature in a separate software exploit to bypass the M1 chip’s final defence mechanism.

As a result of their testing, they discovered that this vulnerability provided kernel-level access to a computer’s operating system, allowing an attacker to take total control of a target.

“The idea behind pointer authentication is that if all else has failed, you can still rely on it to prevent attackers from gaining control of your system,” says MIT CSAIL Ph.D. student Joseph Ravichandran, a co-lead author of the paper revealing the issue, which will be presented at the International Symposium on Computer Architecture on June 18th. He adds that pointer authentication as a final line of security isn’t as absolute as we always imagined.


When pointer authentication was introduced, a whole class of flaws became much more difficult to exploit. According to Ravichandran, PACMAN increases the seriousness of these issues again, so “the entire attack surface might be much greater”.

The researchers were able to circumvent the PAC security mechanism using a microarchitectural vulnerability, which means that this element of the exploit cannot be “patched” because it is hardwired into the chip itself. It’s important to note that this exploit is only usable in combination with another one: on its own, it can’t achieve anything.

Analysis: Is this really as horrible as it sounds?

To be clear, just because this sounds like a significant issue doesn’t mean that everyone’s new MacBook Air is vulnerable to extortion by cybergangs.


In this case, researchers employed a hardware vulnerability that is comparable to the Spectre and Meltdown flaws found in select Intel CPUs, and those flaws did not cause widespread computer system failures. Ordinary people aren’t worth the effort of a cyberthief when easier targets are so common. When a thief can shut down an oil pipeline and extort millions in cash, why meddle with your computer?

PACMAN attacks an M1 chip’s last line of protection, which makes it particularly risky (and not just M1 chips, but potentially any ARM-based processor that uses PAC as a security measure, implicating some Qualcomm and Samsung chips as well).

“This proof of concept helps us better understand these strategies,” an Apple spokesman said to TechRadar. “We want to thank the academics for their work. Based on our analysis, we have assessed that this problem does not constitute an imminent threat to our customers and cannot be used as a means of circumventing operating system security features on its own.”


That’s not to say the attack can’t be used, but it means that an exploit will have to defeat every other security feature in the system first, and Apple systems are already quite well defended. This exploit should not be cause for alarm among Apple M1 customers who have taken other precautions to ensure their safety, and we expect Apple to address this vulnerability in future chips.
