Apple’s M1 chip security successfully bypassed

Just days after announcing the upcoming release of the M2 chip at the 2022 edition of its WWDC show, Apple was alerted to the security of its previous chip, the M1. Researchers at the Computer Science and Artificial Intelligence Laboratory (CSAIL), attached to the Massachusetts Institute of Technology (MIT) have discovered a flaw in a security mechanism on the Apple brand’s M1 chips.

Feature bug rolls back security of Apple’s M1 chip

It was by attacking the M1 chip that researchers at MIT discovered a vulnerability present in the “ Pointer Authentication » M1 chips. Pointer authentication is a security feature that aims to detect and block any unexpected changes that could lead to data leaks or compromise the system. Thus, pointers store important information and Pointer Authentication Code (PAC) allows for unexpected pointer changes that can be suffered by an attack.

In the same category

US exposes methods of Chinese hackers

These specialists succeeded in targeting the ” Pointer Authentication to allow code to bypass this security. This attack was titled Pacman Attack. The MIT researchers at the origin of this discovery specify the foundations: ” Pacman takes an existing software bug (memory read/write) and turns it into a more serious exploit primitive (a pointer authentication bypass), which may lead to arbitrary code execution. To do this, we must find what is the PAC value of the specific pointer of each victim “.

To successfully find the PAC value of a pointer that bypasses the security of the M1 chip, the researchers use a very specific technique: “ Pacman does this by accepting what we call an Oracle PAC, which is the ability to tell whether a given PAC matches a specific pointer. The Oracle PAC should never crash if an incorrect guess is provided. We then test all possible values ​​of PAC using the Oracle PAC “.

Apple says the risks are low for users

Moreover, the researchers claim that this problem is not only related to the authentication pointers of the M1 chip, but also to all ARM processors. They also alerted all ARM chip designers to take this discovery into consideration for the design of their future chips (or updates) so that their new components are more secure.

For its part, Apple reacted by indicating that this vulnerability did not pose an immediate risk for users. A spokesperson for the firm said: Based on our analysis, as well as the details shared with us by the researchers, we have concluded that this issue poses no immediate risk to our users and is insufficient to bypass device protections on its own. same “.

MIT researchers and Apple have been collaborating for several months now to try to fix this flaw or find an alternative. It is possible to imagine that the new M2 chip is spared this security flaw. During WWDC 2022, Apple had also announced that security updates would now be made automatically on iOS 16, macOS Ventura and iPadOS 16.

Leave a Comment