Researchers from MIT CSAIL have discovered a hardware vulnerability in Apple’s M1 chips that they say cannot be fixed with a software patch — reports Macworld.
According to the researchers, the problem lies with the M1’s use of pointer authentication. Pointer authentication is a hardware security feature designed to protect software running on the CPU from attackers who have already found a way to corrupt its memory.
Pointers store memory addresses, and a pointer authentication code (PAC) is a cryptographic signature over a pointer, kept in the otherwise unused upper bits of the 64-bit value, which the CPU checks before the pointer is used; a pointer that an attack has modified no longer matches its PAC and is rejected.
However, MIT CSAIL was able to build “PACMAN,” an attack that bypasses pointer authentication, so that a memory-corruption bug which PAC would otherwise have made unexploitable can once again be used to take control of the machine.
“When pointer authentication was introduced, a whole category of bugs suddenly became a lot harder to use for attacks. With PACMAN making these bugs more serious, the overall attack surface could be a lot larger,” MIT CSAIL’s Joseph Ravichandran, who is co-authoring a paper explaining PACMAN, wrote in an article.
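To make the two paragraphs above concrete, here is a small model of pointer authentication: how the PAC is packed into the unused top bits of a pointer, how signing and checking work, why a corrupted pointer is rejected, and how small the space an attacker has to search is if a wrong guess could be tested without crashing. This is an added example written for this article, not code from MIT CSAIL, Apple or Arm: real hardware computes the PAC with the QARMA cipher under a key held in system registers, whereas the keyed mixing function, the key, the addresses and the poison bit used below are all constructed for illustration.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Toy model of Arm pointer authentication (assumptions of this example, not
 * Apple's or Arm's implementation). The layout follows the real scheme: with
 * 48-bit user-space virtual addresses, the top 16 bits of a 64-bit pointer
 * are unused, and that is where the PAC is stored. */
#define VA_BITS   48
#define PAC_BITS  (64 - VA_BITS)         /* 16 bits of PAC */
#define ADDR_MASK ((1ULL << VA_BITS) - 1)
#define PAC_SPACE (1ULL << PAC_BITS)     /* 65536 possible PAC values */

typedef uint64_t pac_key_t;

/* Stand-in for the keyed MAC. Deliberately NOT QARMA, just a mixer. */
static uint64_t toy_mac(pac_key_t key, uint64_t addr, uint64_t modifier)
{
    uint64_t x = addr ^ (modifier * 0x9E3779B97F4A7C15ULL) ^ key;
    for (int i = 0; i < 4; i++) {
        x ^= x >> 33; x *= 0xFF51AFD7ED558CCDULL;
        x ^= x >> 29; x *= 0xC4CEB9FE1A85EC53ULL;
        x ^= x >> 32; x += key;
    }
    return x;
}

/* Like PACIA: sign a pointer. The modifier (for a return address, the stack
 * pointer) binds the PAC to a context so a signed pointer cannot be replayed
 * elsewhere. */
uint64_t pac_sign(pac_key_t key, uint64_t ptr, uint64_t modifier)
{
    uint64_t addr = ptr & ADDR_MASK;
    uint64_t pac  = toy_mac(key, addr, modifier) & (PAC_SPACE - 1);
    return addr | (pac << VA_BITS);
}

/* Like AUTIA: recompute the PAC and compare. On success the plain address
 * is returned; on failure the pointer is "poisoned" (bit 62 here, purely
 * illustrative) so that dereferencing it faults. That crash on a wrong
 * value is what normally makes guessing the PAC impractical. */
uint64_t pac_auth(pac_key_t key, uint64_t signed_ptr, uint64_t modifier,
                  bool *ok)
{
    uint64_t addr = signed_ptr & ADDR_MASK;
    *ok = (pac_sign(key, addr, modifier) == signed_ptr);
    return *ok ? addr : (addr | (1ULL << 62));
}

/* A correctly signed pointer authenticates back to its plain address. */
bool pac_roundtrip_ok(pac_key_t key, uint64_t ptr, uint64_t modifier)
{
    bool ok;
    uint64_t s = pac_sign(key, ptr, modifier);
    uint64_t a = pac_auth(key, s, modifier, &ok);
    return ok && (s & ADDR_MASK) == (ptr & ADDR_MASK) && a == (ptr & ADDR_MASK);
}

/* Same address, one PAC bit flipped: always rejected. */
bool pac_wrong_pac_rejected(pac_key_t key, uint64_t ptr, uint64_t modifier)
{
    bool ok;
    pac_auth(key, pac_sign(key, ptr, modifier) ^ (1ULL << 50), modifier, &ok);
    return !ok;
}

/* Memory-corruption model: the attacker overwrites the address bits of a
 * saved return address but keeps the PAC it cannot compute. Rejected unless
 * the old PAC happens to match the new address, probability 2^-16. */
bool pac_forged_address_rejected(pac_key_t key, uint64_t modifier,
                                 uint64_t good_addr, uint64_t evil_addr)
{
    bool ok;
    uint64_t ret  = pac_sign(key, good_addr, modifier);
    uint64_t evil = (ret & ~ADDR_MASK) | (evil_addr & ADDR_MASK);
    pac_auth(key, evil, modifier, &ok);
    return !ok;
}

/* If every guess could be tested without a crash, how many tries would an
 * attacker who knows the address and modifier but not the key need? Bounded
 * by PAC_SPACE, which is small. */
unsigned pac_guess_count(pac_key_t key, uint64_t addr, uint64_t modifier)
{
    addr &= ADDR_MASK;
    for (uint64_t pac = 0; pac < PAC_SPACE; pac++) {
        bool ok;
        pac_auth(key, addr | (pac << VA_BITS), modifier, &ok);
        if (ok)
            return (unsigned)pac + 1;
    }
    return 0;  /* unreachable: the true PAC lies inside the searched range */
}

int main(void)
{
    pac_key_t key = 0x0123456789ABCDEFULL;     /* constructed key */
    uint64_t  sp  = 0x00007FFFFFFFE000ULL;     /* constructed stack pointer */
    uint64_t  ret = 0x0000000100003F80ULL;     /* constructed return address */

    printf("round trip ok: %d, wrong PAC rejected: %d, forged address rejected: %d\n",
           pac_roundtrip_ok(key, ret, sp), pac_wrong_pac_rejected(key, ret, sp),
           pac_forged_address_rejected(key, sp, ret, 0x0000DEAD0000BEEFULL));
    printf("PAC space: %llu values; guesses needed here: %u\n",
           (unsigned long long)PAC_SPACE, pac_guess_count(key, ret, sp));
    return 0;
}
```

The point of `pac_guess_count` is the arithmetic, not a recipe: with only 16 PAC bits, the check stops an attacker solely because each wrong guess normally crashes the process; any mechanism that reveals whether a guess is right without crashing, which is the class of weakness the researchers describe, turns the defence into a search of at most 65536 candidates.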
The PACMAN attack exploits behaviour of the hardware itself, so a software patch cannot remove the underlying problem. According to MIT CSAIL, the root cause of the vulnerability is shared by all Arm processors that implement pointer authentication, not just Apple’s M1 chip.
What makes the PACMAN attack more dangerous is that it does not require physical access to the target device. The MIT researchers were able to carry out PACMAN attacks over the network.
MIT has not found any instances of the attack being used in the wild. Because PACMAN needs an existing software bug to exploit, the researchers said Mac users should be safe as long as they install OS updates as soon as they become available.
“Future CPU designers should take care to consider this attack when building the secure systems of tomorrow,” added Ravichandran. “Developers should take care to not solely rely on pointer authentication to protect their software.”
Apple announced the M2 chip, successor to the M1, at this year’s Worldwide Developers Conference (WWDC) event on Monday. Whether or not the next generation of Apple silicon will carry over the same hardware flaw is unclear at this time.