Apple

Apple Silicon, beware of PACMAN: unsolvable hardware vulnerability

June 13, 2022
0 3 2 minutes read
938187.jpeg
938187.jpeg

A hardware security flaw has emerged in the Apple Silicon M1 chips that, according to the MIT researchers who discovered it, cannot be fixed with a software patch. She was nicknamed PACMANin honor of one of the first great successful video games, because it concerns the so-called PACs or Pointer Authentication Code. These PACs are or will be implemented in many other ARM-architecture CPUs, so the implications of this discovery could be much broader – but for the moment the only confirmations come from the M1 chips.

As with the very serious Specter and Meltdown that we have seen in the world of x86 processors, the speculative execution – that is the ability of a processor to “guess” what the next operation will be and to execute it in its “free time” (more precisely a cycle in which it would otherwise do nothing) to save precious time. Basically, each pointer of the CPU is associated with an authentication code that ensures its legitimacy: if for some anomaly the values ​​do not match, the processor returns an error which generally results in a crash. A PAC can have up to 65,000 possible values, and researchers have devised a method that allows a malware to try them all without causing crashes – using a “combo” of speculative execution and memory corruption.

Once the malware has found the correct PAC, it can exploit it for execute unauthorized code on the device, with the obvious consequences for its software integrity. According to Apple, PACMAN, which theoretically can also be conducted remotely, does not represent an immediate risk to the security of end users, as it is not in itself sufficient to bypass all the security measures deployed by the operating system. It is important to note that the researchers themselves agree on this point: it is essentially necessary to start from another coexisting flaw or bug to launch an attack.

At this point it is difficult to understand exactly the extent of the vulnerability. Apple uses the PAC on all iterations of Apple’s Silicon M1, including the Pro, Max, and Ultra, and that’s where the direct feedback ends. The PAC is also present in the M2 chips so it is safe to assume that they too are vulnerable, even if as we said they have not yet been tested. For other manufacturers in the industry, such as Samsung, MediaTek and Qualcomm, there are either official confirmations of future adoption or very solid predictions / rumors. Ultimately, this technology was intended as a last line of defense to ensure the safety of an electronic device, but unfortunately it did not turn out to be as solid as hoped.

Tags
June 13, 2022
0 3 2 minutes read

Related Articles

iphone 14 pro pro max these stolen photos prove that.jpg

iPhone 14 Pro, Pro Max: these stolen photos prove that Apple removed the notch

July 15, 2022
1658332567 heise meets… electronic identities – added value and status.jpg

heise meets… Electronic identities – added value and status

July 20, 2022
eFootball 2023 is released as a free update for PlayStation, Xbox, PC, Android and iOS

eFootball 2023 is released as a free update for PlayStation, Xbox, PC, Android and iOS

August 26, 2022
1054163.jpeg

Does Apple iPhone 14 arrive earlier than in the past? Here because

August 18, 2022

Leave a Reply

Your email address will not be published. Required fields are marked *

Back to top button