A Security Vulnerability that Apple can’t Patch
A new security vulnerability has been discovered by researchers at MIT’s Computer Science and Artificial Intelligence Laboratory (CSAIL) that targets Apple’s popular M1 processor. The attack, which is being referred to as “PACMAN”, is capable of bypassing the last line of defense against software bugs on the M1 and potentially other ARM-based processors.
PACMAN attacks pointer authentication, which is the last stop for most software vulnerabilities. Pointer authentication confirms that a program hasn’t been changed in malicious ways. It serves as a “safety net… in the worst case scenario,” according to MIT PhD student Joseph Ravichandran. MIT’s researchers developed PACMAN to guess the pointer authentication signature, bypassing this critical security mechanism. The researchers say that PACMAN exploits a hardware mechanism, so a software patch can’t fix it.
The attack works by running all possible pointer authentication values through a hardware side channel, which reveals whether each guess was correct or not. The guesses are made inside a computation that the processor runs speculatively, i.e. one that is not actually required by the program at that point of execution, so a wrong guess does not crash the program or otherwise leave a trace of PACMAN's activity.
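To make the mechanism in the two paragraphs above concrete, here is a simplified model of pointer authentication, written as an added example for this article; it is not code from the MIT researchers, Apple, or ARM, and its keyed mixing function, 48-bit address width, 16-bit tag width, and all key, address and modifier values are constructed assumptions rather than the real hardware design. It shows the defender's view of what the "safety net" checks, why a tampered pointer is rejected, and why "running all possible values" is such a small search (one valid tag among 2^16 candidates) that only the lack of a visible fault per wrong guess stands between an attacker and the tag.

```c
#include <stdint.h>
#include <stdio.h>

/* Simplified model of pointer authentication (PAC), constructed for illustration.
 * It is NOT Apple's implementation or the ARMv8.3 QARMA-based PAC; only the
 * structure matches: a keyed tag over (address, context) is stored in the
 * otherwise-unused upper bits of a 64-bit pointer and checked before use. */
#define PTR_BITS 48                          /* assumed: 48-bit virtual addresses */
#define PAC_BITS 16                          /* assumed: tag occupies the top 16 bits */
#define PTR_MASK (((uint64_t)1 << PTR_BITS) - 1)
#define PAC_MASK (((uint64_t)1 << PAC_BITS) - 1)
#define PAC_SHIFT PTR_BITS

/* Toy keyed mixing function standing in for the hardware MAC (not cryptographic). */
static uint64_t mix64(uint64_t x) {
    x ^= x >> 30; x *= 0xbf58476d1ce4e5b9ULL;
    x ^= x >> 27; x *= 0x94d049bb133111ebULL;
    x ^= x >> 31;
    return x;
}

/* Tag = keyed hash of (address, modifier) truncated to PAC_BITS. */
static uint64_t compute_pac(uint64_t addr, uint64_t modifier, uint64_t key) {
    uint64_t h = mix64(addr ^ key);
    h = mix64(h ^ modifier);
    h = mix64(h + key);
    return (h >> (64 - PAC_BITS)) & PAC_MASK;
}

/* Sign: embed the tag in the upper bits (what the hardware's sign step does). */
uint64_t pac_sign(uint64_t addr, uint64_t modifier, uint64_t key) {
    addr &= PTR_MASK;
    return addr | (compute_pac(addr, modifier, key) << PAC_SHIFT);
}

/* Authenticate: recompute the tag and compare (the hardware's check step).
 * Returns 1 and writes the stripped address on success, 0 on mismatch. On real
 * hardware a mismatch yields an unusable pointer and the program faults on use,
 * which is what makes naive guessing noisy and detectable. */
int pac_auth(uint64_t signed_ptr, uint64_t modifier, uint64_t key, uint64_t *out) {
    uint64_t addr = signed_ptr & PTR_MASK;
    uint64_t tag  = (signed_ptr >> PAC_SHIFT) & PAC_MASK;
    if (tag != compute_pac(addr, modifier, key))
        return 0;
    if (out) *out = addr;
    return 1;
}

/* Size of the space someone without the key would have to search. */
uint64_t pac_guess_space(void) {
    return (uint64_t)1 << PAC_BITS;
}

/* Defender's view of "try every possible tag": count how many candidate tags
 * authenticate for a fixed address/modifier. Exactly one does, and outside of
 * speculative execution every one of the other attempts would fault. */
uint64_t count_accepted_tags(uint64_t addr, uint64_t modifier, uint64_t key) {
    uint64_t accepted = 0;
    addr &= PTR_MASK;
    for (uint64_t tag = 0; tag <= PAC_MASK; tag++) {
        uint64_t candidate = addr | (tag << PAC_SHIFT);
        if (pac_auth(candidate, modifier, key, NULL))
            accepted++;
    }
    return accepted;
}

int main(void) {
    const uint64_t key  = 0x0123456789abcdefULL;  /* constructed sample key */
    const uint64_t addr = 0x0000000100004000ULL;  /* constructed sample code address */
    const uint64_t ctx  = 0x7f00deadbeef0000ULL;  /* constructed modifier (e.g. a stack address) */
    uint64_t out = 0;

    uint64_t sp = pac_sign(addr, ctx, key);
    printf("signed pointer:        0x%016llx\n", (unsigned long long)sp);
    printf("authenticates:         %d (addr 0x%llx)\n",
           pac_auth(sp, ctx, key, &out), (unsigned long long)out);

    /* Flip one bit of the stored tag: authentication must fail. */
    uint64_t forged = sp ^ ((uint64_t)1 << PAC_SHIFT);
    printf("tampered tag accepted: %d\n", pac_auth(forged, ctx, key, NULL));

    printf("guess space:           %llu tags, of which %llu authenticate\n",
           (unsigned long long)pac_guess_space(),
           (unsigned long long)count_accepted_tags(addr, ctx, key));
    return 0;
}
```

The point of `count_accepted_tags` is the defender's takeaway from the article: the tag space is small, so the protection rests on every wrong guess being loud (a fault), and a side channel that answers the question silently removes exactly that property. It also illustrates why a memory-corruption bug must already exist before any of this matters: without a way to write a forged pointer into the program, there is nothing for the check to reject.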
“The idea behind pointer authentication is that if all else has failed, you still can rely on it to prevent attackers from gaining control of your system,” Ravichandran, who co-wrote the PACMAN report, said. “We’ve shown that pointer authentication as a last line of defense isn’t as absolute as we once thought it was.”
PACMAN is a legitimate threat for the M1 and other ARM-based systems that use pointer authentication. However, MIT researchers say that there’s no reason to panic right now. PACMAN allows software bugs through that would normally be blocked by pointer authentication. Basically, a software vulnerability must exist first for PACMAN to do anything.
Apple is usually pretty quick to respond to vulnerabilities. MIT says that PACMAN is an attack that is focused more on the processors of the future.
Ravichandran says that “the concerning question is not whether the current ARM processors are vulnerable, but whether future ARM processors are also vulnerable.” ARM itself is aware of the vulnerability and plans to release an update on the ARM Security Center Developer site when they conclude their investigation.
In a statement, Apple said: “We want to thank the researchers for their collaboration as this proof of concept advances our understanding of these techniques. Based on our analysis as well as the details shared with us by the researchers, we have concluded this issue does not pose an immediate risk to our users and is insufficient to bypass operating system security protections on its own.”
Although PACMAN isn’t an immediate threat to the M1, these findings come at an inopportune time – as Apple just announced the M2 processor, which likely uses pointer authentication as well. “Developers should take care to not solely rely on pointer authentication to protect their software,” Ravichandran offers as advice for issues that could arise out of PACMAN with future chips.
Despite the vulnerability, neither Apple nor MIT’s researchers seem overly concerned. Ravichandran says that although pointer authentication is “used all over the place in PAC-enabled binaries (such as the macOS kernel),” it only works “as a last step in exploitation, when everything except for pointer authentication has been bypassed.”
Although there isn’t immediate concern, that doesn’t mean PACMAN is harmless. Ravichandran warned that “using PACMAN to bypass pointer authentication opens the door to arbitrary code execution, which would give the attacker complete control of a device.” Researchers also suspect that future ARM processors with pointer authentication could be vulnerable, too.
This is not the first time the M1 has faced a vulnerability. A hardware-based security vulnerability was discovered in May; however, it was not considered a major problem and has not caused widespread issues.
So how can you protect yourself from potential risk? Immediately, nothing critical needs to be done. However, PACMAN only works if a software bug exists, so it is important to always keep your software updated.
Story via Digital Trends