Frightening vulnerability in M1 chips: Cannot be fixed!

MIT researchers discovered a hardware-based vulnerability in the Apple M1, M1 Pro and M1 Max chips. Since the vulnerability in question is hardware-based, it cannot be fixed with any security patch.

M1 chips ” Pacman” attack

The vulnerability discovered in M1 chips occurs in a hardware-level security mechanism called beacon authentication codes or PAC. This feature makes it much more difficult to insert malware into the device’s memory. In this way, protection against buffer overflow vulnerabilities that occur when more data is placed in the buffer than its size is provided.

However, MIT researchers managed to bypass this firewall by using a software and hardware-based method for executing speculative code such as Meltdown and Specter vulnerabilities to bypass this security feature.

Thanks to the attack called “Pacman”, hackers are able to gain access to the operating system kernel. This means that computer control and personal data fall into the hands of hackers. But there is nothing for users to worry about yet. Because, in order for the Pacman vulnerability to work, some conditions must be met. First of all, the system under attack must have an existing memory corruption bug. Therefore, MIT researchers say users should not worry for now.

However, one of the team that found the vulnerability, Joseph Ravichandran, said, “CPU designers of the future should take this attack into account when building the secure systems of tomorrow. Otherwise, our attack will affect most mobile devices, and possibly even desktop devices in the coming years. Developers will only need to protect their software. should be careful not to rely on pointer authentication.” he added.

Apple: “We’re aware of the issue, so users shouldn’t worry.”

After the researchers shared their findings with Apple, the Cupertino tech giant made the following statement:

“Based on our analysis and the details shared with us by the researchers, it is clear that this issue does not pose an immediate risk to our users, and that the operating system security protections are the only We concluded that he was insufficient to jump on his own.”