Arabic Arabic Chinese (Simplified) Chinese (Simplified) Dutch Dutch English English French French German German Italian Italian Portuguese Portuguese Russian Russian Spanish Spanish
| (844) 627-8267
0

MIT researchers say security flaw in Apple’s M1 chip can’t be fixed | #macos | #macsecurity | #hacking | #aihp


If you’re cruising along on a device with an Apple M1 chip, you may want to exercise caution. Researchers at MIT have uncovered a seemingly unpatchable hardware vulnerability that could open your devices up to bad actors.

According to researchers, Apple M1 chips are vulnerable due to a security feature called pointer authentication codes (PAC).

This security feature protects the CPU against any attackers that may have somehow gained access to the memory and beyond. The “pointers” store memory addresses. PAC searches for pointer changes as a result of any attacks.

READ MORE: Google researcher goes on leave after claiming AI is sentient

But while this isn’t something that can easily be patched out, there does seem to be a way to resolve it, at least somewhat. MIT CSAIL researchers discovered that a special hardware attack can bypass the PAC check failsafe.

Image: KnowTechie

The cleverly-named “PACMAN” attack can simply seek out the correct value that can let hackers bypass the pointer authentication. The result? The attack still commences.

MIT CSAIL notes that this could grow into a much larger issue. Attacks can be performed remotely, which makes it an even bigger problem. And since it’s a vulnerability that exploits hardware, pushing a software patch will do nothing.

Perhaps the worst part is that Arm processors with pointer authentication are all at risk — so this goes beyond being just an M1 issue.

Apple recently announced the M2 chip during its most recent WWDC keynote. It’s unclear whether the M2 has been tested to feature this same flaw.

Apple has yet to comment on the situation, and it’s unclear how the issue will ultimately be resolved. We’ll be keeping an eye out on where things go from here.

Have any thoughts on this? Let us know down below in the comments or carry the discussion over to our Twitter or Facebook.

Editors’ Recommendations:


Click Here For The Original Source.


————————————————————————————-

National Cyber Security

FREE
VIEW