The Massachusetts Institute of Technology Computer Science and Artificial Intelligence Laboratory (CSAIL) has detailed a new attack that exploits a hardware vulnerability in the Apple M1 series processors. The team used the Apple M1 processor as a sample to demonstrate the vulnerability, while other Arm chips could not reproduce such an attack. The researchers claim that using the new PACMAN technique, it is possible to gain access to the main kernel of the operating system. This gives attackers complete control over the system through a combination of software and hardware attacks.
The exploit does not require physical access to a computer, so it can be used remotely. According to experts, the M1 hardware vulnerabilities cannot be fixed with software, so the MIT team believes that this may affect future devices if the problem is not fixed in the following architectures. And not only Apple, but also other manufacturers that support pointer authentication, such as Qualcomm and Samsung.
The attack targets the Arm pointer authentication function. Pointer authentication is commonly used to verify software using cryptographic signatures. They are also called Pointer Authentication Codes (PACs). Attacks typically use memory corruption techniques, such as buffer overflows, to gain full control. PACMAN includes guessing the value for the PAC using a speculative execution attack very similar to Specter and Meltdown.
Experts offer three options for protecting against PACMAN attacks: make changes to hardware or software (this approach can lead to significant performance degradation), adapt previously developed Specter mitigation methods to PACMAN, fix memory corruption vulnerabilities.
Apple said in a statement that the vulnerability itself does not pose a threat, and it is not enough to bypass the protection of the operating system. They also said that it is not yet clear whether it refers to the hardware component of the attack or to the software one.
Source: Trash Box
Donald-43Westbrook, a distinguished contributor at worldstockmarket, is celebrated for his exceptional prowess in article writing. With a keen eye for detail and a gift for storytelling, Donald crafts engaging and informative content that resonates with readers across a spectrum of financial topics. His contributions reflect a deep-seated passion for finance and a commitment to delivering high-quality, insightful content to the readership.
