Unrepairable M1 Chip Vulnerability: Really That Dangerous?

Recently, TechCrunch, among others, reported that researchers at MIT have discovered a security hole in the M1 chip family. It is said to be remarkable because it lies in the hardware and therefore cannot be fixed with a software patch. But what is behind the fatal-sounding headline "MIT researchers uncover 'unpatchable' flaw in Apple M1 chips"? Do all users of Mac models with M1, M1 Pro, M1 Max and M1 Ultra have to fear that their computer will become the target of an attack? Or is it just a proof of concept that will find little or no use in practice? Here you can find the results of my research on the subject.

MIT has found a hardware vulnerability in Apple's M1 chip. Is that a reason to panic? No, because the Mac is still secure. While the hardware cannot be fixed, the bug required for exploitation can be fixed on the software side. Here you can read in detail what is behind the Pacman vulnerability of the M1 chip family.

What is the M1's "Pacman" hardware vulnerability?

In order to understand whether and to what extent the vulnerability in the M1 chip family discovered at the Massachusetts Institute of Technology (MIT) could be dangerous, one has to take a look at the details. The fact that attacks here are aimed at the last line of defense of the ARM chip and must exploit a separate bug shows that this will not produce a completely new type of malware. The malware (viruses, trojans, spyware, stalkerware, ransomware, etc.) must already have circumvented all other security mechanisms and found an unfixed software vulnerability in order to get to this critical point. And that is hard enough.

But now to the details of the M1 vulnerability "Pacman": this is about the so-called PAC protection. It is a hardware-side protection of main memory that is implemented with so-called Pointer Authentication Codes, PAC for short. These codes are composed of cryptographic hash values or comparably strong cryptography. A comparison with known and approved values ensures that programs and code with read and write access to memory are legitimate. Specifically, it is the "pointer" that is protected, i.e. the object that stores a memory address and thus refers to a memory location.

The MIT researchers have now shown in a proof of concept, i.e. with proof of the fundamental feasibility of a technique, that the pointer authentication codes could be "guessed". This would lead to malicious software, if it can penetrate to that point, gaining access to memory and e.g. causing an overflow. This could cripple the Mac. The procedure was jokingly named "Pacman", in reference to the PAC. It can not only be directed against the memory protection in the system, but theoretically also against the kernel, i.e. against the core of the operating system.
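As an added illustration of the PAC mechanism described above, here is a constructed Python simulation (not code from the original article, and not Apple's or ARM's implementation; the 48-bit address width, the HMAC stand-in for the hardware cipher and all keys and addresses are assumptions): a pointer is signed with a keyed code kept in its unused top bits, and a pointer whose address was overwritten, or that is used in a different context, fails authentication.

```python
import hmac
import hashlib

# Constructed simulation of ARM pointer authentication (PAC); not Apple's or
# ARM's implementation. Assumption: only the low 48 bits of a 64-bit pointer
# carry an address, so the unused top 16 bits are free to hold the PAC.
ADDR_BITS = 48
PAC_BITS = 64 - ADDR_BITS
ADDR_MASK = (1 << ADDR_BITS) - 1
PAC_MASK = (1 << PAC_BITS) - 1

def compute_pac(key: bytes, ptr: int, modifier: int) -> int:
    """Keyed code over (address, modifier), truncated to the spare bits.
    Hardware uses a dedicated block cipher; HMAC-SHA256 stands in here."""
    msg = (ptr & ADDR_MASK).to_bytes(8, "little") + modifier.to_bytes(8, "little")
    digest = hmac.new(key, msg, hashlib.sha256).digest()
    return int.from_bytes(digest[:8], "little") & PAC_MASK

def pac_sign(key: bytes, ptr: int, modifier: int) -> int:
    """Sign a pointer: store its PAC in the top bits (like the PACIA instruction)."""
    return (ptr & ADDR_MASK) | (compute_pac(key, ptr, modifier) << ADDR_BITS)

def pac_auth(key: bytes, signed: int, modifier: int) -> int:
    """Authenticate a signed pointer (like AUTIA): strip the PAC and recompute it.
    A mismatch raises; on real hardware it yields an invalid pointer that faults."""
    addr = signed & ADDR_MASK
    if (signed >> ADDR_BITS) & PAC_MASK != compute_pac(key, addr, modifier):
        raise ValueError("pointer authentication failed")
    return addr

def is_authentic(key: bytes, signed: int, modifier: int) -> bool:
    """Convenience wrapper: True if the pointer passes authentication."""
    try:
        pac_auth(key, signed, modifier)
        return True
    except ValueError:
        return False

if __name__ == "__main__":
    key = b"constructed-demo-key"          # in reality a per-process key held by the CPU
    ptr, ctx = 0x00007FFFDEADBEEF, 0x1234  # constructed address and context (modifier)
    signed = pac_sign(key, ptr, ctx)
    print(f"signed pointer: {signed:#018x}, authentic: {is_authentic(key, signed, ctx)}")
    # A memory-corruption bug that overwrites the address leaves a stale PAC behind.
    tampered = ((signed >> ADDR_BITS) << ADDR_BITS) | 0x00007FFFC0DE0000
    print(f"tampered pointer authentic: {is_authentic(key, tampered, ctx)}")
    # The same pointer signed for one context fails when used in another.
    print(f"wrong context authentic: {is_authentic(key, signed, 0x5678)}")
```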

How dangerous is the PAC vulnerability for Mac users?

One could now write numerous clickbait articles on the subject, extend the problem to the iPhone, iPad and other devices because of the chip's ARM architecture, and sound the alarm because no software update can fix it. But that does not do justice to a "danger" that does not exist at all for everyday users of iPhone, iPad, Mac and Co. As described in the TechCrunch article linked below, Pacman is neither an entry point for malware nor a shortcut for hackers planning attacks on computers and other devices. An existing bug (which can be fixed in software!) has to be exploited in order to get to this point in the security chain, which only makes the undertaking more difficult.

Technically inexperienced users are more or less fooled by such posts into thinking that they are dealing with an insecure device that could be infiltrated by malware at any moment and have havoc wreaked on it. But this is not the case. Nor does anything speak more than usual for or against buying a Mac, iMac or MacBook with a chip from the M1 family. So if you are wondering whether to drop plans to buy because of the headline quoted above or similar headlines, you only need to read the respective article carefully and look up one or two terms if necessary. Then it turns out that many of these scaremongering headlines have little substance.

With the first link in the following list you will find an information page about the "Pacman" vulnerability. There it says under the heading "Should I be worried?": "As long as you keep your software up to date, no. PACMAN is an exploitation technique - alone it cannot compromise your system. While the hardware mechanisms used by PACMAN cannot be patched with software functions, bugs related to memory utilization can be fixed."

Here are a few starting points for further reading on the subject:


Did you like the article and did the instructions on the blog help you? Then I would be happy if you would support the blog via a Steady membership or on Patreon.
