MIT security researchers have found a chink in their armor as a result of Apple's M1 chips.
CSAIL scientists revealed a vulnerability in the last line of security for the M1 chip. Bad actors might be able to get full access to the core operating system if the flaw is not fixed.
It is not necessary for M1 MacBook owners to worry about having their data stolen. There are unlikely conditions that need to be in place for this to work. There is an existing memory corruption bug that needs to be fixed. There is no cause for alarm according to the scientists.
Apple thanked the researchers for their work, but emphasized that the issue doesn't pose an immediate risk to MacBook owners
Apple said that they wanted to thank the researchers for their collaboration. We have concluded that the issue does not pose an immediate risk to our users and that it is not sufficient to circumvent operating system security protections on its own.
Apple's M1 chip uses a technology called PointerAuthentication to detect and guard against unexpected changes in memory. According to MIT, this is the last line of defense and can kill bugs that compromise a system and leak private information. It uses a code called "PACS" that checks for changes after an attack. When a program is deemed to be safe, aPAC is made.
The researchers found that the line of defense could be broken. That's where MIT's attack came in. A software patch won't fix the program because it guesses the value of a hardware device If you have a device that tells you if a guess is correct or false, you can try all of them until you find the right one. The ghosts won.
If all else fails, you still have a way to prevent attackers from gaining control of your system. The co-lead author of the paper is a student at MIT CSAIL.
A whole category of bugs became a lot harder to use for attacks. The attack surface could be a lot larger due to the fact that these bugs are more serious.
It's possible to give bad actors access to the sensitive parts of a system by circumventing pointer Authentication. The researchers note that an attacker can do whatever they want on a device.
The proof of concept shows that the attack can be used to attack the kernels, which has massive implications for future security work. This attack should be considered when building secure systems of the future. Developers should take care not to rely on only one method for protecting their software.
The M1, M1 Pro, and M1 Max are all based on the same architecture. The new MacBook Air and MacBook Pro 13 are powered by the M2 processor. The security feature is used in the processors that are set to be shipped by both companies.
There are three methods for preventing such an attack in the future. It is possible to modify the software to make it impossible for an attacker to go undetected while attempting to penetrate. The same way Spectre vulnerabilities are being mitigated, defending against PACman could be a possible resolution. Patching memory corruption bugs would make sure this last line of defense isn't needed.
A judge dismissed a class-action lawsuit against Apple for allegedly selling customers phones and tablets with vulnerable processors. The customers were not able to prove that they overpaid because Apple hid defects. There wasn't enough evidence to show that a security patch made those devices slower.
All Rights Reserved © 2024
