Apple M1 found a vulnerability that can not be fixed

The Massachusetts Institute of Technology Computer Science and Artificial Intelligence Laboratory (CSAIL) has detailed a new attack that exploits a hardware vulnerability in the Apple M1 series processors. The team used the Apple M1 processor as a sample to demonstrate the vulnerability, while other Arm chips could not reproduce such an attack. The researchers claim that using the new PACMAN technique, it is possible to gain access to the main kernel of the operating system. This gives attackers complete control over the system through a combination of software and hardware attacks.

The exploit does not require physical access to a computer, so it can be used remotely. According to experts, the M1 hardware vulnerabilities cannot be fixed with software, so the MIT team believes that this may affect future devices if the problem is not fixed in the following architectures. And not only Apple, but also other manufacturers that support pointer authentication, such as Qualcomm and Samsung.

The attack targets the Arm pointer authentication function. Pointer authentication is commonly used to verify software using cryptographic signatures. They are also called Pointer Authentication Codes (PACs). Attacks typically use memory corruption techniques, such as buffer overflows, to gain full control. PACMAN includes guessing the value for the PAC using a speculative execution attack very similar to Specter and Meltdown.

Experts offer three options for protecting against PACMAN attacks: make changes to hardware or software (this approach can lead to significant performance degradation), adapt previously developed Specter mitigation methods to PACMAN, fix memory corruption vulnerabilities.

Apple said in a statement that the vulnerability itself does not pose a threat, and it is not enough to bypass the protection of the operating system. They also said that it is not yet clear whether it refers to the hardware component of the attack or to the software one.

Source: Trash Box

You may also like

USD: It seems cheap – Ing
Markets
Joshua

USD: It seems cheap – Ing

The dollar was not affected in the first half of July due to the escalation of commercial tensions. Nor does