APPLE M1: The chip is affected by a security flaw which cannot be fixed

Scientists at MIT Computer Science & Artificial Intelligence Laboratory (CSAIL) have unveiled a new attack methodology that exploits a hardware vulnerability in Apple’s M1 series of chips by using a new PACMAN technique to steal data. This flaw could theoretically give malicious actors full access to core operating system kernel.

The researchers claim that the attack can allow access to kernel operating system; giving attackers full control through a combination hardware and software attacks.

“PACMAN” is an attack capable of finding the correct value to pass pointer authentication; so that a hacker can continue to access the computer. Pointer authentication is a security measure that protects the central processor unit from any attackers who have gained access to memory. Pointers store memories addresses. Pointer Authentication Codes check for any unexpected pointer modifications that might be caused by an attack.


Apple M1 chip

“The idea behind pointer authentication is that if all else fails, you can still rely on it to prevent attackers from taking over your system,” said Joseph Ravichandran, one of the co-authors. The paper. The MIT team has therefore discovered a method exploiting speculative execution techniques to bypass pointer authentication, and thus break the last line of defense available to Apple’s chips.

Unfortunately, the attack on the American manufacturer shows that hackers can disable pointer authentication without leaving any trace. Unlike previous M1 chip software flaws, this one uses a hardware mechanism, so no software patch can fix it.

Shortly after the article was published, Apple was quite confident. “Based on our analysis as well as the details shared with us by the researchers; we have concluded that this issue poses no immediate risk to our users; and is insufficient to bypass system security protections”. Apple says that Mac users should not be concerned about hacking of their devices.
Get latest news from African Startup ecosystem

Latest stories

You might also like...