With the M1 SoC, Apple showed the market that it was ahead of the competition and could follow its own path without depending on anyone. Over time the chip has evolved and improved into newer versions.
Now that the second generation of this SoC has arrived, it has emerged that the first generation carries a serious flaw that cannot be patched. Called PACMAN, it weakens a protection the operating system relies on, but Apple does not consider it a cause for concern.
Discovered by researchers at MIT (Massachusetts Institute of Technology), the flaw, called PACMAN, affects Apple's M1 SoCs. It targets Pointer Authentication Codes (PAC), one of the protection layers of the processor in these devices.
Pointer authentication defends against memory-corruption attacks: the CPU signs a pointer with a cryptographic code computed under a secret key, stores that code in the otherwise unused upper bits of the pointer, and checks it before the pointer is used. A pointer that has been tampered with fails the check and the program crashes instead of jumping to attacker-chosen code. PACMAN uses speculative execution to test guessed codes without triggering that crash, leaking the result of the check through a microarchitectural side channel, so the code can be brute-forced. Given its importance, PAC is considered one of the last lines of defence of Apple systems against intrusion.
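The mechanism described above, as a toy model in C: a pointer is signed with a keyed code placed in its upper bits, a wrong code crashes the victim when the pointer is used, and an attacker who can only guess therefore cannot search the code space. The model then adds the kind of non-faulting oracle PACMAN provides and shows that the search becomes cheap, which is why the attack matters once an attacker already has a memory-corruption bug (the precondition discussed further down). This is an added example, not Apple's implementation or the MIT researchers' code. The 48-bit address width, 16-bit PAC, the mixing function standing in for the real QARMA cipher, and the victim's key and context values are all assumptions made for the example.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Toy model of ARMv8.3 pointer authentication and of the PACMAN guessing
 * oracle. Added example: not Apple's implementation or the MIT researchers'
 * code. Real hardware uses the QARMA cipher under a 128-bit key; the keyed
 * mixing function below is a stand-in so the code runs on any CPU. */

#define PAC_SHIFT 48   /* assumption: 48-bit virtual addresses               */
#define PAC_BITS  16   /* assumption: the PAC fills the 16 unused top bits    */
#define PAC_MASK  (((uint64_t)1 << PAC_BITS) - 1)
#define PTR_MASK  (((uint64_t)1 << PAC_SHIFT) - 1)

/* Stand-in keyed MAC over (pointer, context), truncated to PAC_BITS. */
static uint64_t toy_mac(uint64_t ptr, uint64_t ctx, uint64_t key)
{
    uint64_t x = ptr ^ (ctx * 0x9E3779B97F4A7C15ULL) ^ key;
    x ^= x >> 33; x *= 0xFF51AFD7ED558CCDULL;
    x ^= x >> 33; x *= 0xC4CEB9FE1A85EC53ULL;
    x ^= x >> 33;
    return x & PAC_MASK;
}

/* Like PACIA: sign a pointer under a key and a 64-bit context (modifier),
 * placing the code in the upper bits. */
uint64_t pac_sign(uint64_t ptr, uint64_t ctx, uint64_t key)
{
    uint64_t raw = ptr & PTR_MASK;
    return raw | (toy_mac(raw, ctx, key) << PAC_SHIFT);
}

/* Like AUTIA: verify. Returns the usable pointer on success and 0 on a
 * mismatch (real CPUs return a poisoned pointer whose first use faults). */
uint64_t pac_auth(uint64_t signed_ptr, uint64_t ctx, uint64_t key)
{
    uint64_t raw = signed_ptr & PTR_MASK;
    uint64_t pac = signed_ptr >> PAC_SHIFT;
    return (pac == toy_mac(raw, ctx, key)) ? raw : 0;
}

/* Architectural path: the victim authenticates and uses the pointer.
 * A wrong PAC crashes the victim, so blind guessing costs one crash per
 * wrong try and the OS would notice long before 2^16 attempts. */
uint64_t victim_use(uint64_t signed_ptr, uint64_t ctx, uint64_t key, bool *crashed)
{
    uint64_t raw = pac_auth(signed_ptr, ctx, key);
    *crashed = (raw == 0);
    return raw;
}

/* PACMAN oracle. The victim is made to authenticate the guess only
 * speculatively; the attacker learns whether the PAC matched from a cache
 * timing side channel, and no fault ever reaches software. That observation
 * is modelled here as a boolean computed from the victim's secret state. */
struct victim { uint64_t ctx; uint64_t key; };

bool speculative_oracle(uint64_t guess, const struct victim *v)
{
    return pac_auth(guess, v->ctx, v->key) != 0;
}

/* Forge a signed pointer to `target` by walking the PAC space through the
 * oracle. Returns the forged pointer (0 if none found); *tries counts the
 * oracle queries, which is what the side channel makes affordable. */
uint64_t forge_pointer(uint64_t target, const struct victim *v, unsigned *tries)
{
    for (uint64_t pac = 0; pac <= PAC_MASK; pac++) {
        uint64_t guess = (target & PTR_MASK) | (pac << PAC_SHIFT);
        (*tries)++;
        if (speculative_oracle(guess, v))
            return guess;
    }
    return 0;
}

int main(void)
{
    struct victim v = { 0x7F00ULL, 0x0123456789ABCDEFULL }; /* constructed secrets */
    uint64_t target = 0x0000000100402000ULL;                /* constructed address */
    bool crashed;
    unsigned tries = 0;

    /* One blind guess with an arbitrary PAC: almost surely crashes the victim. */
    victim_use(target | (0x1234ULL << PAC_SHIFT), v.ctx, v.key, &crashed);
    printf("blind guess crashed victim: %s\n", crashed ? "yes" : "no");

    uint64_t forged = forge_pointer(target, &v, &tries);
    printf("forged 0x%016llx after %u oracle queries, valid: %s\n",
           (unsigned long long)forged, tries,
           pac_auth(forged, v.ctx, v.key) == target ? "yes" : "no");
    return 0;
}
```

The point of the model is the contrast between `victim_use` and `forge_pointer`: on the architectural path every wrong guess is fatal, so a 16-bit code is an effective barrier; with an oracle that answers without faulting, at most 65,536 cheap queries recover a valid signed pointer. In the real attack the oracle is built from speculative execution and cache timing rather than a function call, and the forged pointer is only useful together with a separate bug that lets the attacker write it into memory the victim will use.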
We found a way to defeat pointer authentication (and forge kernel pointers from userspace) on the Apple M1 via a new hardware attack.
Here's how it works-https://t.co/6Kz3jnRtwI
— Joseph Ravichandran (@0xjprx) June 10, 2022
To exploit this flaw, an attacker first needs a separate exploitable memory-corruption vulnerability in software running on the system: PACMAN only defeats the protection that would otherwise stop that bug from being used. The attack itself runs as software on the target; it does not require physical access to the machine.
When those conditions are met, the attacker can forge a kernel pointer that passes authentication, turning a bug PAC would have neutralised into kernel code execution and, from there, access to the operating system and user data. Because the side channel lies in the processor's microarchitecture, it cannot be removed by a software update; only the software bugs it has to be combined with can be patched.
Confronted with this M1 issue, Apple was quick to respond and give its view. According to the company, the technique is not an immediate risk to users and is not enough to break the operating system's protections on its own, so it does not intend to take steps to resolve it.
We want to thank the researchers for their collaboration as this proof of concept advances our understanding of these techniques. Based on our analysis and the details shared with us by the researchers, we conclude that this issue does not pose an immediate risk to our users and is insufficient to circumvent the operating system's security protections on its own.
The practical defence, now and for the foreseeable future, is to keep the operating system and applications up to date, so that the software vulnerability PACMAN has to be paired with is not available to an attacker.