Researchers at the Computer Science and Artificial Intelligence Laboratory (CSAIL) at the Massachusetts Institute of Technology (MIT) have discovered a type of attack called PACMAN that exploits a hardware vulnerability in Apple M1 series chips.
PACMAN targets Pointer Authentication, a security feature designed to protect the processor from intruders who gain access to memory. Pointers store memory addresses, and the Pointer Authentication Code (PAC) is used to check for unplanned changes to pointers as a result of an attack.
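To make the pointer check concrete, here is a toy software model of signing and authenticating a pointer. It is an added example, not code from the MIT researchers or Apple. It assumes a 48-bit address with the PAC held in the 16 unused upper bits and uses truncated HMAC-SHA256 as a stand-in for the hardware MAC; the key, pointer and context values are constructed.

```python
import hashlib
import hmac

VA_BITS = 48                    # assumed virtual-address width
PAC_BITS = 64 - VA_BITS         # upper pointer bits left free for the PAC
VA_MASK = (1 << VA_BITS) - 1


class PacFault(Exception):
    """Raised when a signed pointer fails authentication."""


def compute_pac(key: bytes, addr: int, context: int) -> int:
    # HMAC-SHA256 stands in for the hardware MAC, truncated to PAC_BITS.
    msg = addr.to_bytes(8, "little") + context.to_bytes(8, "little")
    digest = hmac.new(key, msg, hashlib.sha256).digest()
    return int.from_bytes(digest[:8], "little") >> (64 - PAC_BITS)


def sign_pointer(key: bytes, ptr: int, context: int) -> int:
    # Place the PAC in the upper bits of the 64-bit pointer value.
    addr = ptr & VA_MASK
    return (compute_pac(key, addr, context) << VA_BITS) | addr


def auth_pointer(key: bytes, signed: int, context: int) -> int:
    # Recompute the PAC; return the plain address only if it matches.
    addr = signed & VA_MASK
    if (signed >> VA_BITS) != compute_pac(key, addr, context):
        raise PacFault(f"PAC mismatch for pointer {signed:#018x}")
    return addr


def is_valid(key: bytes, signed: int, context: int) -> bool:
    try:
        auth_pointer(key, signed, context)
        return True
    except PacFault:
        return False


KEY = bytes(range(16))           # constructed key; real keys are not readable by user code
PTR = 0x0000_7F12_3456_7890      # constructed pointer value
CTX = 0x0000_7FFD_0000_F000      # constructed context, e.g. a stack address

if __name__ == "__main__":
    signed = sign_pointer(KEY, PTR, CTX)
    print(f"signed pointer:       {signed:#018x}")
    print("untouched pointer ok:", is_valid(KEY, signed, CTX))
    print("modified pointer ok: ", is_valid(KEY, signed ^ 0x40, CTX))
```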
The PACMAN attack is carried out using a combination of hardware and software and can be done remotely, without physical access to the victim’s computer. In theory, PACMAN gives an attacker access to the OS kernel, which in effect means complete control over the machine.
The most unpleasant thing is that this hardware vulnerability cannot be fixed by any software means, so it can remain relevant not only for existing products but also for future products. In addition, the problem may be relevant for other ARM processors, including the new M2 chip, which has not yet been tested by MIT.
The researchers reported their discovery to Apple months ago. The vulnerability has not yet been registered in the public CVE database, but the authors of the project promised to do so in the near future.
Apple said there are no immediate risks to users. The company thanked the researchers for their work, but the tech giant’s experts concluded that this attack alone was not enough to bypass operating system protections.