The vulnerability allows the defense mechanism of the Apple M1 processor to be bypassed

The vulnerability allows the defense mechanism of the Apple M1 processor to be bypassed

Researchers at MIT CSAIL (Computer Science and Artificial Intelligence Laboratory) have discovered a vulnerability in Apple’s M1 processor that has some features in common with Meltdown and Specter vulnerabilities, including in relation to speculative driving.


Weakness is required Bachman They can be used to bypass the Pointer Authentication Codes (PAC) security feature in the M1 processor. This is a technology developed by Arm to enforce pointer safety. This would make it difficult for attackers to inject malicious code into the device’s memory. The M1 processor is the first desktop processor to implement this functionality, but Apple has also been using PACs in mobile processors since 2018. It’s unclear if these could also be vulnerable to attack.

Bachmann alone is not enough to carry out attacks. Alternatively, PACMAN can amplify attacks that exploit memory-related software vulnerabilities. Then there may be a possibility to run an arbitrary code.

This is no coincidence, as the researchers wanted to see in advance what could be achieved by combining hardware and software vulnerabilities, by hacking into a mechanism designed to protect software.

Apple M1 processor. Photo: Apple

guess guess

To carry out such an attack, a mechanism is required by MIT researchers called the PAC Oracle, which can tell that the PAC matches a specific index. PAC Oracle guesses all possible PAC values. To avoid breakdowns, each guess is made speculative.

Although the PACMAN vulnerability cannot be patched with software, researchers believe that M1-based Mac users have good reason to worry about the PACMAN vulnerability as long as they keep the software updated on the system.

See also  Hunters team 2021

There are no immediate risks

Letic Crunch Apple, which became aware of the vulnerability in 2021, stated that the company concluded that this vulnerability does not pose an immediate risk to users, and that it alone is not sufficient to circumvent security protections in operating systems.

However, the researchers believe that PACMAN’s discovery should be taken into account in future solutions.

Future CPU designs must make sure that this attack is taken into account when building security systems for tomorrow. Developers should make sure they don’t rely solely on pointer authentication to protect their software, says Joseph Ravichandran, a doctoral student at MIT CSAIL and co-author of Scientific articleAnd the In a press release.


PACMAN is not the first vulnerability found in Apple’s M1 processor.

In 2021, the attack technology was called Oguri Discussed by a group of researchers. This technique could theoretically be used to leak preloaded data which is never used in actual instructions.

In practice, this technique was considered completely harmless.

Dalila Awolowo

Dalila Awolowo

"Explorer. Unapologetic entrepreneur. Alcohol fanatic. Certified writer. Wannabe tv evangelist. Twitter fanatic. Student. Web scholar. Travel buff."

Leave a Reply

Your email address will not be published. Required fields are marked *