M1 Macs Have Vulnerability That Cannot Be Patched

In April, a vulnerability in Apple Silicon came to light and was quickly hailed as “not so bad”. Now, researchers at the Massachusetts Institute of Technology (MIT) have identified something far more worrisome.

M1 chips have multiple layers of security to prevent attacks from gaining access to memory. The last layer is Pointer Authentication Codes (PAC), which, when activated, manages to neutralize bugs that could compromise the machine or leak information from it.

According to the MIT CSAIL publication, researchers at MIT’s Computer Science and Artificial Intelligence Laboratory found a loophole in the chip’s architecture and, with an attack they called “PACMAN”, defeated this security layer. The reference to the famous 1980s game is not just in the name: in addition to the attack being successful, it left no trace.

The publication’s co-author, PhD student Joseph Ravichandran, offered the reassurance that “there is no reason to be alarmed now”, as “PACMAN” only compromises systems that already have a bug in their software. He explains:

“PACMAN” does not magically bypass all security on the M1 chip. “PACMAN” is only able to take an existing bug that PAC protected against and unleash the true potential of that bug to be used in an attack.

The researchers also claim that the loophole exists in all ARM-architecture chips that use PAC, so all versions of the M1 are affected. However, as the M2 was just announced, they haven’t had a chance to test it on the new chips yet. And, although Apple has not commented, such findings are usually reported to Apple before being presented to the public.

As “PACMAN” affects a hardware component, this vulnerability cannot be fixed by software. Fortunately, since physical access to the Mac is required, there is nothing to worry about in terms of remote attacks on your computer.

