We’ve recently seen here that researchers have recently identified a security vulnerability dubbed PACMAN, which is an impossible-to-fix issue on Apple Silicon M1 chips, due to the fact that it is hardware related and not a software flaw.
In the latest update of the case, we have the official position of the Cupertino giant, which was given to the TechCrunch staff, who thank them for their collaboration with researchers and try to reassure those who have a device with the chip in question, stating that it is not an immediate risk. for users, something that in part had already been raised when the flaw was revealed.
We want to thank the researchers for their collaboration as this proof of concept advances our understanding of these techniques. Based on our analysis and the details shared with us by the researchers, we have concluded that this issue does not pose an immediate risk to our users and is insufficient to circumvent OS security protections on its own.”
Original article (06/10/2022)
Macs with an M1 chip have a security vulnerability that cannot be patched
A new vulnerability that cannot be patched has been found on Macs with the M1 chip. The discovery came through researchers at the Massachusetts Institute of Technology in the United States.
According to MIT CSAILexperts found a loophole in Apple Silicon’s architecture, which could destroy one of the security layers, called Pointer Authentication Codes (PAC). Therefore, the attack that performs the break was called “PACMAN”.
As the probe directly affects a hardware component, the vulnerability has no software fix. At least, to suffer a problem of this type, it is necessary to have face-to-face access to the Mac.
Although not correctable to date, the publication’s co-author, Joseph Ravichandran, stated that “no need to be alarmed now”. The justification for the calm request is in the fact that “PACMAN” only compromises systems that already have a previous bug in the software.
“When pointer authentication was introduced, a whole category of bugs suddenly became much more difficult to use for attacks. With PACMAN making these bugs more serious, the global attack surface could be much larger. Future CPU designers must be careful to consider this attack when building tomorrow’s secure systems. Developers should be careful not to rely solely on pointer authentication to secure their software.”
Co-author of the publication and PhD student
In principle, all versions of Mac with the M1 chip are affected by this vulnerability. As the M2 was announced not long ago, there have not yet been any tests with the new Apple Silicon edition.
So, what do you think of this new flaw found in Apple’s custom chip? Comment with us!