Security News > 2022 > June > Apple M1 chip contains hardware vulnerability that bypasses memory defense

Apple's M1 chip has been found to contain a hardware vulnerability that can be abused to disable one of its defense mechanisms against memory corruption exploits, giving such attacks a greater chance of success.

MIT CSAIL computer scientists on Friday said they have identified a way to bypass the M1 chip's pointer authentication, a security mechanism that tries to prevent an attacker from modifying memory references without being detected.

In a paper titled "PACMAN: Attacking Arm Pointer Authentication with Speculative Execution," Joseph Ravichandran, ​​Weon Taek Na, Jay Lang, and Mengjia Yan describe how they were able to use speculative execution - the way in which modern processors perform calculations before they may or may not be needed to accelerate execution - to discern the pointer authentication Code that allows pointer modification on a protected system.

3 [PDF] to protect pointer integrity and was adopted by Apple in its Arm-based chip designs in 2018.

Pointer authentication relies on a cryptographic hash called a Pointer Authentication Code - derived from the pointer value, a 64-bit context value, and a 128-bit secret key - to protect pointers from being modified.

Ravichandran said he and his colleagues had only found this one flaw affecting the M1. "We investigated the M1 chip as it is the first desktop CPU that shipped with pointer authentication," he said.

News URL

https://go.theregister.com/feed/www.theregister.com/2022/06/10/apple_m1_pacman_flaw/