“PacMan attack”: Mac M1 affected by an impossible to correct flaw

MIT researchers have discovered a flaw in a security system built directly into Apple’s M1 processor. Without constituting an immediate risk, it is quite serious because it cannot be corrected by a software update.

No sooner had the new M2 processor been announced than researchers discovered a flaw in Apple’s M1 processor which equips in particular the MacBook. A team from Massachusetts Institute of Technology (MIT) in the United States published an article in which they unveiled a flaw dubbed “Pacman”, which manages to bypass the last line of defense of the processor.

One of the security measures implemented in the processor M1 is called point authentication code (CAP) or pointer authentication code, a cryptographic signature that confirms that a program has not been tampered with. The PAC is meant to protect against memory-level code injections and buffer overflows.

A security system also planned on other ARM processors

The researchers managed to create an attack that manages to guess this code through speculative execution. It even works against the system kernel. They haven’t tested the new M2 processor, but this also uses the codes pointer authentication. This security measure is also provided for inother processors with ARM architecture, in particular those from Qualcomm and Samsungused in the majority of smartphones. The flaw could therefore have important ramifications in the future.

This breach being located at the hardware level, it is impossible to correct by a software update. Nevertheless, Apple wants to be reassuring. PACs are an additional line of defense to prevent the exploitation of certain vulnerabilities. Any attack targeting Pacman will therefore first have to find another system flaw to be effective. Devices with M1 chips are therefore not in danger, at least for now, provided you keep your device up to date.