Researchers at MIT's Computer Science and Artificial Intelligence Laboratory (CSAIL) have revealed a vulnerability in the M1, M1 Pro, and M1 Max as well as other Arm-based chips that can be exploited to defeat hardware-based protections against memory corruption attacks.
This so-called PACMAN attack takes advantage of flaws in the ARM Pointer Authentication feature that debuted in 2017. The researchers say Apple has used the Pointer Authentication feature in several iterations of its mobile processors since 2018 as well as the M1 lineup that started rolling out in 2020. (Their paper doesn't speculate on the M2 chip's susceptibility.)
"Multiple chip manufactures [sic], including ARM, Qualcomm, and Samsung, have either announced or are expected to ship new processors supporting Pointer Authentication," the CSAIL researchers say. "In a nutshell, Pointer Authentication is currently being used to protect many systems, and is projected to be even more widely adopted in the upcoming years."
That feature is supposed to defend against memory corruption attacks. The researchers say "a memory corruption attack exploits a software bug to corrupt the content of a memory location, which contains important data structures, such as data and code pointers." These attacks have been used to compromise systems for decades, they say, and still aren't going anywhere.
So can someone use a PACMAN attack on its own to compromise a targeted system? No. The CSAIL researchers explain that it has to be used in conjunction with a memory corruption attack to be effective. It's kind of like buying a fake ID to get past a bouncer at a nightclub: It's only useful when you're at the club, so if you don't have
Read more on pcmag.com