Reassuring statement from Apple!

Apple made a statement on the vulnerability discovered by MIT in the Pointer Authentication security feature on the M1 processor.
 Reassuring statement from Apple!
READING NOW Reassuring statement from Apple!

Apple introduced the Arm-based M1 chip, which was among the best laptop processors last year. In this way, it managed to go one step further in terms of both performance and power consumption. However, MIT researchers announced that the security feature called Pointer Authentication in the M1 chip can be bypassed thanks to the PACMAN virus.

Is the Pointer Authentication measure of M1 processors sufficient for PACMAN virus?

According to data revealed by MIT researchers, malicious people can exploit memory corruption vulnerabilities in software and weaknesses in microprocessor design to circumvent authentication codes. In the first place is the Pointer Authentication security feature of the M1 processor.

Potential vulnerabilities on the side of memory corruption are one that could allow malicious people to mess with the contents of the memory location and hijack a program’s execution function, with very dangerous consequences.

Arm, which carries out many studies on security measures for processors, uses an encryption method known as Pointer Authentication (Pointer Authentication) or PAC. Hackers who want to bypass this type of measure need to estimate the PAC value. But it should be noted that simple rough estimates will not work. Because the program crashes automatically when the wrong attempt is made.

The recently emerged PACMAN virus comes into play here. It can be used to distinguish between correct PAC and invalid attempts without causing any crashes. In other words, Pointer Authentication in the M1 processor can bypass the security measure in the system.

Apple’s statement is as follows:

Many chip manufacturers, including Qualcomm and Samsung, have released processors with Pointer Authentication. Some of them are expected to be released in the near future. It is true that if the risk is not mitigated, it could affect most mobile devices in the future, possibly even desktop devices. But for now, there is no vulnerability for users to worry about.

What do you think about this issue? Don’t forget to share your views with us in the comments!

Comments
Leave a Comment

Details
135 read
okunma57955
0 comments