The most prominent Apple chip ever developed, M1, is now realising its weaknesses after security experts have found security flaws that allow hackers to compromise Mac systems through arbitrary code execution.
Apple’s M1 chip showcases the pointer authentication tool, a security feature that protects MacOS from all known vulnerabilities with its detection and blocking capabilities to prevent data leaks or system compromise.
Tracked as PACMAN, the new Apple M1 chip hardware attack can evade the security defences brought by Mac devices’ Pointer Authentication or PAC.
Once hackers abuse the vulnerability, they can easily access M1 Mac devices and infiltrate all sensitive filesystems.
For the attackers to compromise M1-based computers, they need to search for a memory bug that affects the targeted Mac device’s software which PAC would block, in principle. As explained by the analysts, PACMAN would take an existing software flaw from memory and progress it into a more critical security issue that would eventually lead to arbitrary code execution.
The malicious procedure was completed with PACMAN creating the “PAC Oracle” – an ability to determine a PAC’s compatibility with a specified victim pointer. All the possible PAC values are typically brute forced using the PAC Oracle, which is expected not to crash whenever an incorrect match ensues, even during a kernel panic.
Currently, the PACMAN hardware attack has no patch available yet for users to apply; nonetheless, Apple says that as long as the end-users are keeping their devices updated, attackers could not abuse the flaw and would not be able to gain arbitrary code execution through PACMAN. Moreover, it is also advised for users to ensure that their M1 devices have no existing exploitable bugs.
As Apple assured their customers that the new flaw would not pose immediate risks, they added that PACMAN would require an existing system vulnerability to execute the hardware attack, which is avoidable given that users keep their computers up to date. This analysis concludes that PACMAN’s threats are insufficient to bypass Mac’s pointer authentication completely.
