Apple M1: Security vulnerability PACman cannot be fixed
Vulnerability in the CPU
Apple’s M1 chip has a security vulnerability that cannot be fixed with an update. According to MIT researchers, PACman also allows attacks against the kernel of the operating system.
news
With PACman, a new vulnerability was found in Apple’s M1 processor series. The vulnerability was discovered by Researchers from the Massachusetts Institute of Technology (MIT). Since the problem exists at the hardware level, it cannot simply be fixed with an update. Furthermore, other ARM-based chips, for example from Qualcomm or Samsung, could also be affected by the vulnerability.
The vulnerability is found in the processor’s Pointer Authentication Code (PAC). This is a CPU security mechanism that places a cryptographic signature in the first bits of a pointer. This allows apps to be checked for malicious changes and unauthorized reading of content can be prevented.
However, the possible values of the PAC can be checked quickly enough to find out the correct authentication code. Theoretically, such deep attacks are possible, for example on the kernel of the operating system – but only if further security mechanisms of the M1 could be circumvented and the PAC is only the last line of defense.
Apple itself classifies the vulnerability as “Techcrunch” as a low risk. Thank you “the researchers for their work, because the proof of concept advances our understanding of such techniques.” The researchers at MIT were able to determine whether the vulnerability is also present in Apple’s newly announced M2 processor can’t find out at this point.
Continue to home page
Reference-www.pc-magazin.de