APPLE M1: The chip is affected by a security flaw which cannot be fixed Scientists at MIT Computer Science & Artificial Intelligence Laboratory (CSAIL) have unveiled a new attack methodology that exploits a hardware vulnerability in Apple’s M1 series of chips by using a new PACMAN technique to steal data. This flaw could theoretically give malicious actors full access to core operating system kernel.

The researchers claim that the attack can allow access to kernel operating system; giving attackers full control through a combination hardware and software attacks.

“PACMAN” is an attack capable of finding the correct value to pass pointer authentication; so that a hacker can continue to access the computer. Pointer authentication is a security measure that protects the central processor unit from any attackers who have gained access to memory. Pointers store memories addresses. Pointer Authentication Codes check for any unexpected pointer modifications that might be caused by an attack.

Apple M1 chip

“The idea behind pointer authentication is that if all else fails, you can still rely on it to prevent attackers from taking over your system,” said Joseph Ravichandran, one of the co-authors. The paper. The MIT team has therefore discovered a method exploiting speculative execution techniques to bypass pointer authentication, and thus break the last line of defense available to Apple’s chips.

Unfortunately, the attack on the American manufacturer shows that hackers can disable pointer authentication without leaving any trace. Unlike previous M1 chip software flaws, this one uses a hardware mechanism, so no software patch can fix it.

Shortly after the article was published, Apple was quite confident. “Based on our analysis as well as the details shared with us by the researchers; we have concluded that this issue poses no immediate risk to our users; and is insufficient to bypass system security protections”. Apple says that Mac users should not be concerned about hacking of their devices.

--

--

--

Gateway to News Africa! | All about Startups and Entrepreneurship.

Love podcasts or audiobooks? Learn on the go with our new app.

{UPDATE} Maggie's Murder Mystery Hack Free Resources Generator

Listicle for secure Software Development Life Cycle(SDLC)

CyberVein Weekly Report 11/16/2020–11/20/2020

¡Anuncio del programa de minería de liquidez de IZI/ETH y USDC/USDT en Uniswap V3!

CyberVein Weekly Report

How I Deal With Security Vulnerabilities

Work station

Meet: Privacy Policy

Metaspiderman is ongoing.

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store
Explode Africa

Explode Africa

Gateway to News Africa! | All about Startups and Entrepreneurship.

More from Medium

Memo: California WFP and the June 7th Primaries

Brivo CEO Steve Van Till on the Future of Software Security, Going Public

Why Monday’s Tory leadership vote could signal trouble for the UK’s markets.

Behind The Bibliophile