MIT researchers discovered that Apple's M1 chips have an "unpatchable" hardware vulnerability that could allow attackers to break through its security defenses.

The vulnerability lies in a hardware-level security mechanism used in Apple's M1 chips: pointer authentication codes, or PAC. The feature makes it much harder for an attacker to inject malicious code into a device's memory and provides a level of defense against buffer overflow exploits, a type of attack that forces memory to spill out to other locations on the chip.

Researchers from MIT's Computer Science and Artificial Intelligence Laboratory have created a novel hardware attack against it. Because the attack exploits a hardware mechanism, no software patch can fix it.

The attack, appropriately called "Pacman," works by "guessing" the pointer authentication code, a signature confirming that an app hasn't been tampered with. The guessing relies on speculative execution, a technique modern processors use to speed up performance by speculatively running ahead along several possible paths of computation, to leak the results of the PAC verification without the failed guesses crashing the program.

Since the PAC has only a limited number of possible values, the researchers found that it was possible to try all of them until the right one is found.
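To make concrete what a pointer authentication code is and why its value space is small enough to enumerate, the following is an added toy model, not Apple's implementation and not the researchers' code: a keyed MAC truncated to fit in the unused upper bits of a 64-bit pointer, with a constructed key and constructed pointer values.

```python
import hashlib
import hmac
from typing import Optional

# Constructed parameters (not Apple's real PAC scheme): with a 48-bit
# virtual address space, the top 16 bits of a 64-bit pointer are free
# to carry the authentication code.
VA_BITS = 48
PAC_BITS = 64 - VA_BITS
ADDR_MASK = (1 << VA_BITS) - 1
PAC_MASK = (1 << PAC_BITS) - 1

# Hypothetical signing key; on real hardware the key sits in system
# registers that user-space software cannot read.
KEY = bytes.fromhex("00112233445566778899aabbccddeeff")


def compute_pac(address: int, context: int, key: bytes = KEY) -> int:
    """Keyed MAC over (address, context), truncated to PAC_BITS bits."""
    msg = address.to_bytes(8, "little") + context.to_bytes(8, "little")
    digest = hmac.new(key, msg, hashlib.sha256).digest()
    return int.from_bytes(digest[:8], "little") & PAC_MASK


def sign_pointer(address: int, context: int = 0) -> int:
    """Embed the PAC in the unused upper bits of the pointer."""
    if address & ~ADDR_MASK:
        raise ValueError("address does not fit in VA_BITS")
    return (compute_pac(address, context) << VA_BITS) | address


def authenticate_pointer(signed: int, context: int = 0) -> Optional[int]:
    """Recompute the PAC; return the stripped address, or None on mismatch.

    A real CPU would fault (or poison the pointer) instead of returning None.
    """
    address = signed & ADDR_MASK
    if (signed >> VA_BITS) != compute_pac(address, context):
        return None
    return address


def pac_guess_space() -> int:
    """Number of distinct PAC values: small relative to a 64-bit key space."""
    return 1 << PAC_BITS


if __name__ == "__main__":
    ptr = sign_pointer(0x7FFF_DEAD_B000, context=42)   # constructed address
    print(hex(ptr), authenticate_pointer(ptr, 42), pac_guess_space())
```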

In a proof of concept, the researchers demonstrated that the attack works against the kernel, the software core of a device's operating system.

The idea behind pointer authentication is that if all else fails, you can still rely on it to prevent attackers from taking over your system. The researchers have shown that pointer authentication as a last line of defense isn't as strong as we thought.

Apple has implemented pointer authentication on its custom ARM-based chips, including the M1, M1 Pro, and M1 Max, and a number of other chip manufacturers have either announced or are expected to ship new chips that support the same hardware-level security feature. MIT has not tested the attack on the Apple M2 chip.

According to the research paper, "if not mitigated, our attack will affect the majority of mobile devices."

The researchers, who presented their findings to Apple, note that the attack on the M1 chip can only take advantage of an existing bug that pointer authentication protects against; it does not create a new one. Apple did not comment when contacted.

In May last year, a separate flaw was discovered in Apple's M1 chip that creates a covert channel which two or more already installed malicious apps could use to transmit information to each other. That bug can't be used to steal or interfere with data on a Mac.