MIT researchers discover unpatchable flaw in Apple M1

The M1 marked the beginning of a new phase for Apple. But despite the success in performance and efficiency, the processor developed by the company itself is not perfect. MIT researchers have found an issue that compromises the security of the component — and worst of all, there’s no way to fix the vulnerability.

M1 processor (Image: Playback/Apple)

The flaw lies in a hardware-level security mechanism called PAC, short for Pointer Authentication Codes. PAC makes it much more difficult to inject malicious code into memory, which helps protect against buffer overflow attacks, in which memory spills over into other locations on the chip.

In practice, however, there is a way around this, as scientists at the MIT Computer Science and Artificial Intelligence Laboratory have shown. They created an attack called Pacman that “guesses” the pointer authentication code.

The technique relies on speculative execution, in which the processor guesses upcoming computations and performs them ahead of time. With it, the researchers were able to make the result of the PAC verification leak through a side channel, which reveals whether the guess was right or not.
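A toy software model of pointer authentication, added here as an illustration and not taken from the MIT researchers or Apple: it signs a pointer, rejects a tampered one, and counts how few tries a guesser needs once the result of each check can be observed. The 16-bit code width, its position in the pointer, the key, the context value and the mixing function are all assumptions; no speculative execution or side channel is modelled.

```c
#include <stdint.h>
#include <stdio.h>

#define PAC_BITS  16   /* assumed code width for this toy model */
#define PAC_SHIFT 48   /* assumed: code sits in the unused upper pointer bits */
#define ADDR_MASK ((1ULL << PAC_SHIFT) - 1)

/* Toy keyed mix (splitmix64 finalizer), a stand-in for the CPU's real cipher. */
static uint64_t toy_mac(uint64_t addr, uint64_t ctx, uint64_t key) {
    uint64_t x = addr ^ (ctx * 0x9E3779B97F4A7C15ULL) ^ key;
    x ^= x >> 30; x *= 0xBF58476D1CE4E5B9ULL;
    x ^= x >> 27; x *= 0x94D049BB133111EBULL;
    x ^= x >> 31;
    return x & ((1ULL << PAC_BITS) - 1);
}

/* Sign: place the code in the pointer's upper bits. */
uint64_t pac_sign(uint64_t ptr, uint64_t ctx, uint64_t key) {
    uint64_t addr = ptr & ADDR_MASK;
    return addr | (toy_mac(addr, ctx, key) << PAC_SHIFT);
}

/* Authenticate: yield the plain address only when the code matches. */
int pac_auth(uint64_t sp, uint64_t ctx, uint64_t key, uint64_t *out) {
    uint64_t addr = sp & ADDR_MASK;
    if ((sp >> PAC_SHIFT) != toy_mac(addr, ctx, key)) return 0;
    *out = addr;
    return 1;
}

/* Tries needed when every wrong guess is survivable and its outcome visible.
   If a wrong guess instead stops the program, only one try is possible. */
unsigned guesses_with_oracle(uint64_t target, uint64_t ctx, uint64_t key) {
    uint64_t out, addr = target & ADDR_MASK;
    for (unsigned g = 0; g < (1u << PAC_BITS); g++)
        if (pac_auth(addr | ((uint64_t)g << PAC_SHIFT), ctx, key, &out))
            return g + 1;
    return 0; /* not reached: exactly one code matches */
}

int main(void) {
    uint64_t key = 0x0123456789abcdefULL, ctx = 7, out = 0; /* constructed values */
    uint64_t good = pac_sign(0x100003f00ULL, ctx, key);
    uint64_t bad  = good ^ (1ULL << PAC_SHIFT);             /* code off by one bit */
    printf("intact pointer accepted:   %d\n", pac_auth(good, ctx, key, &out));
    printf("tampered pointer accepted: %d\n", pac_auth(bad, ctx, key, &out));
    printf("tries with an oracle:      %u of %u\n",
           guesses_with_oracle(0x100003f00ULL, ctx, key), 1u << PAC_BITS);
    return 0;
}
```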

As Pacman involves hardware mechanisms, it is not possible to fix the problem it takes advantage of using a software patch.

The flaw may extend beyond the M1

The researchers demonstrated that this attack also works against the kernel, the core software of the operating system.

Joseph Ravichandran, a doctoral candidate in the MIT lab and co-author of the study, explains that there are “huge implications for future security work on all ARM systems with pointer authentication enabled.”

The researchers point out that Pacman does not fully compromise the security of the chip. It can only be used to exploit an existing bug that pointer authentication protects against.

Even so, they say that if the flaw is not mitigated, it could compromise most mobile devices and even some desktops in a few years.

Apple rules out risk and reassures users

The MIT researchers shared their results with Apple. The company thanked them for their work and sought to explain that, in practice, the flaw is not that serious.

Spokesman Scott Radcliffe gave the following statement to TechCrunch:

“We want to thank the researchers for their collaboration. This proof of concept contributes to our understanding of this technique. Based on our analysis and the details shared by the researchers, we conclude that this issue does not pose an immediate risk to our users and is insufficient to, on its own, circumvent the security protections of the operating system.”

With information from TechCrunch.
