Elain Brown Tech 06.10.2022 22:Jun PM EDT

Apple M1 Chip Has a Security Flaw That is Unpatchable

The Apple M1 chip reportedly has an unpatched vulnerability, according to MIT security researchers.

MIT's Computer Science and Artificial Intelligence Laboratory (CSAIL) recently published a report in which they disclosed a flaw in what they refer to as the "final line of protection" for Apple's M1 chip. The vulnerability may, in principle, allow malicious actors to obtain complete access to the kernel at the heart of the operating system.

Apple M1 Chip Vulnerability

The Apple M1 chip is currently built to have a feature known as pointer authentication. This capability serves as the chip's final line of defense against the standard software vulnerabilities. Usually, when pointer authentication is enabled, bugs that could typically exploit a system or expose confidential information are halted dead in their tracks.

However, researchers at MIT have discovered a loophole: Their innovative hardware attack, which they have given the name PACMAN, demonstrates that pointer authentication can be broken without even leaving a trace behind.

The unfortunate instance here is that PACMAN uses a hardware mechanism, so there is no chance that a software patch will ever be able to solve it.

According to MIT, a pointer authentication code (PAC) is a signature that verifies the state of the program has not been maliciously modified.

The researchers used the PACMAN attack to demonstrate that it is possible to make an educated guess about the value of the PAC and then find out, using a hardware side channel, whether or not the prediction was accurate.

They discovered that it is possible to attempt all of the possible values for the PAC in order to locate the right one because there are only a certain number of possible values. An important discovery they made is that the attack does not leave any traces.

According to Joseph Ravichandran, a co-lead author of a new paper about PACMAN at MIT, "The idea behind pointer authentication is that if all else has failed, you still can rely on it to prevent attackers from gaining control of your system."

However, with this recent research, he and his team were able to prove that pointer authentication as the last line of defense is not enough as it previously thought it was.

Ravichandran added, "When pointer authentication was introduced, a whole category of bugs suddenly became a lot harder to use for attacks. With PACMAN making these bugs more serious, the overall attack surface could be a lot larger."

What Does This Mean To Apple M1 Users?

According to Gizmodo, Apple M1 users do not need to worry about their personal information being compromised by this vulnerability. Although this is a severe vulnerability that will require attention in the near future, in order for it to be exploited, a number of extremely rare conditions must exist.

First and foremost, the system that is being attacked needs to have a memory corruption flaw already present. As written in MIT's report, the research used a certain method of attack to prove the weakness of the detected vulnerability in the hardware of Apple. The scientists conclude that there is no need for urgent panic due to this fact.

In addition, as reported by TechCrunch, Apple recognized the recent MIT research and extended their gratitude, thanking everyone who worked on this new discovery.

The tech giant stated, "Based on our analysis as well as the details shared with us by the researchers, we have concluded this issue does not pose an immediate risk to our users and is insufficient to bypass operating system security protections on its own."