O Apple M1 chippresent in notebooks and desktops from Apple, has a flaw that cannot be corrected by patches, as announced by researchers at the Massachusetts Institute of Technology (MIT), in the United States, on Friday (10). The problem lies in a security mechanism called Pointer Authentication Codes (PAC).
This feature makes it difficult to inject malicious code into the device’s memory, acting as a kind of last line of defense in potential intrusions. However, the institution’s experts developed an attack capable of “guessing” the exact authentication code to overcome the tool and invade the PC without leaving a trace.
In the lab proof of concept, they demonstrated that the hack called “PAC MAN” even works against the software core of a device’s operating system (kernel). Such a finding has “huge implications for future security work on all ARM systems with PAC,” according to study co-author Joseph Ravichandran.
The M1 processor powers several Apple devices.Source: Unsplash
The report points out that the vulnerability affects the standard version of the M1 processor and variants M1 Pro and M1 Max. As for the newly announced Apple M2 chip, which also uses the pointer authentication mechanism enabled, it is not yet known about the existence of the flaw as it has not been tested.
Apple minimizes risks
In the paper, MIT researchers said that most mobile devices and even desktops could be affected by laboratory-like attacks in the coming years if the problem is not mitigated. But for the applethe vulnerability is not that serious, in addition to relying on physical access to the device to be exploited.
“Based on our analysis and the details shared with us by the researchers, we have concluded that this issue does not pose an immediate risk to our users and is insufficient to circumvent the security protections of the operating system on its own,” said the Apple spokesperson. Scott Radcliffe to TechCrunch.