
Researchers from MIT CSAIL have found a way to defeat what has been called the last line of security on Apple's M1 system-on-chip (SoC).
The M1 implementation of pointer authentication can be overcome with a hardware attack that the researchers developed. Pointer authentication is a security feature that helps protect the CPU against an attacker who has already gained memory access.
Pointers store memory addresses, and a pointer authentication code (PAC) checks for unexpected pointer changes caused by an attack.
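To make the mechanism above concrete, here is an added toy model of pointer authentication in C; it is not code from MIT CSAIL, Apple or Arm, and it does not use Arm's real PAC cipher. It assumes a 48-bit address space so that the upper 16 bits of a pointer are free to hold the authentication code, and it uses a hypothetical keyed mixing function `toy_mac` as a stand-in for the hardware MAC. A signed pointer passes `pac_auth` only if its code still matches the address and context; an overwritten address or a pointer reused under the wrong context is rejected, which is exactly the check an attacker with memory access has to get past.

```c
#include <stdint.h>
#include <stdbool.h>
#include <stdio.h>

/* Assumption: 48-bit virtual addresses, so bits 48..63 are spare and hold the PAC. */
#define PAC_SHIFT 48
#define PAC_MASK  (0xFFFFULL << PAC_SHIFT)

/* Toy keyed hash (constructed for this example, NOT Arm's QARMA-based PAC).
 * Produces a 16-bit code from the raw pointer, a context (e.g. a stack address
 * or type discriminator) and a secret key that only the kernel/hardware knows. */
static uint64_t toy_mac(uint64_t raw_ptr, uint64_t ctx, uint64_t key) {
    uint64_t x = raw_ptr ^ (ctx * 0x9E3779B97F4A7C15ULL) ^ key;
    x ^= x >> 33; x *= 0xFF51AFD7ED558CCDULL;
    x ^= x >> 33; x *= 0xC4CEB9FE1A85EC53ULL;
    x ^= x >> 33;
    return (x ^ (x >> 16)) & 0xFFFFULL;
}

/* Sign: strip any existing tag bits and store the code in the top 16 bits. */
uint64_t pac_sign(uint64_t ptr, uint64_t ctx, uint64_t key) {
    uint64_t raw = ptr & ~PAC_MASK;
    return raw | (toy_mac(raw, ctx, key) << PAC_SHIFT);
}

/* Authenticate: recompute the code over the address bits and compare.
 * On success the untagged pointer is written to *out and true is returned;
 * on failure nothing usable is produced (real hardware would fault on use). */
bool pac_auth(uint64_t signed_ptr, uint64_t ctx, uint64_t key, uint64_t *out) {
    uint64_t raw      = signed_ptr & ~PAC_MASK;
    uint64_t expected = toy_mac(raw, ctx, key);
    uint64_t stored   = (signed_ptr & PAC_MASK) >> PAC_SHIFT;
    if (expected != stored)
        return false;
    *out = raw;
    return true;
}

/* Defender-side check: simulate memory corruption that flips each of the low
 * `nbits` address bits of a signed pointer and count how many such overwrites
 * the authentication step rejects. With a 16-bit code almost every flip is caught. */
int count_rejected_flips(uint64_t ptr, uint64_t ctx, uint64_t key, int nbits) {
    uint64_t signed_ptr = pac_sign(ptr, ctx, key);
    int rejected = 0;
    for (int i = 0; i < nbits; i++) {
        uint64_t corrupted = signed_ptr ^ (1ULL << i);  /* constructed corruption */
        uint64_t out;
        if (!pac_auth(corrupted, ctx, key, &out))
            rejected++;
    }
    return rejected;
}

int main(void) {
    const uint64_t key = 0x0123456789ABCDEFULL;  /* constructed secret key */
    const uint64_t ctx = 0x7FFFDEADBEE0ULL;      /* constructed context value */
    uint64_t ptr = 0x00007F0000401000ULL;        /* constructed code pointer */
    uint64_t out = 0;

    uint64_t sp = pac_sign(ptr, ctx, key);
    printf("signed pointer     : 0x%016llx\n", (unsigned long long)sp);
    printf("auth, right context: %s\n", pac_auth(sp, ctx, key, &out) ? "ok" : "REJECTED");
    printf("auth, wrong context: %s\n", pac_auth(sp, ctx + 1, key, &out) ? "ok" : "REJECTED");
    printf("rejected bit flips : %d of 16\n", count_rejected_flips(ptr, ctx, key, 16));
    return 0;
}
```

The code field is only 16 bits wide here, which is the practitioner's caveat behind the article: the check is sound against blind corruption, but any mechanism that lets an attacker test candidate codes without crashing the process turns the defence into a search over at most 65536 values. That is why the article says developers should not rely on pointer authentication alone.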
MIT CSAIL created “PACMAN,” an attack that can find the correct value to successfully pass pointer authentication, so a hacker can continue with access to the computer.
Because the PACMAN attack involves a hardware device, a software patch won’t fix the problem. The issue is a wider one affecting Arm processors that use pointer authentication, not just Apple’s M1: PACMAN shows that pointer authentication isn’t completely foolproof and that developers shouldn’t rely on it alone.
Apple announced the M2 chip at its WWDC keynote last Monday, which is a new generation that succeeds the M1 series. An MIT representative confirmed with Macworld that the M2 has not been tested for this flaw.
PACMAN is the latest security flaw discovered in the M1. In May, researchers discovered the Augury flaw, and last year the M1RACLES vulnerability was also discovered. Those earlier flaws, however, have been deemed harmless or not a serious threat.