Apple introduced the Arm-based M1 chip, which was among the best laptop processors last year. In this way, it managed to go one step further in terms of both performance and power consumption. However, MIT researchers announced that the security feature called Pointer Authentication in the M1 chip can be bypassed thanks to the PACMAN virus.
Is the Pointer Authentication measure of M1 processors sufficient for PACMAN virus?
According to data from MIT researchers, malicious people can exploit memory corruption vulnerabilities in software and weaknesses in microprocessor design to circumvent authentication codes. In the first place is the Pointer Authentication security feature of the M1 processor.
Potential vulnerabilities on the memory corruption side are one that could allow malicious people to manipulate the contents of the memory location and hijack a program’s execution function, with very dangerous consequences.
Apple M1 users beware: Unresolved vulnerability has been discovered!
Although the Apple M1 chip has made important promises in security, a newly discovered vulnerability will not put some of us to sleep.
Arm, which carries out many studies on security measures for processors, uses an encryption method known as Pointer Authentication (Pointer Authentication) or PAC. Hackers who want to bypass this type of measure need to estimate the PAC value. But it should be noted that simple rough estimates will not work. Because if the wrong attempt is made, the program automatically crashes.
This is where the PACMAN virus, which has emerged recently, comes into play. It can be used to distinguish between correct PAC and invalid attempts without causing any crashes. In other words, Pointer Authentication in the M1 processor can bypass the security measure in the system. Of course, not only the M1, but also the M1 Pro, M1 Ultra and M1 Max chips.
The statement made by Apple is as follows:
Many chip manufacturers, including Qualcomm and Samsung, have released processors with Pointer Authentication. Some of them are expected to be released in the near future. It is true that if the risk is not mitigated, it could affect most mobile devices in the future, possibly even desktop devices. But for now, there is no vulnerability for users to worry about.
What do you think about this subject? Don’t forget to share your views with us in the comments!