Security News > 2022 > June > New PACMAN hardware attack targets Macs with Apple M1 CPUs
A new hardware attack targeting Pointer Authentication in Apple M1 CPUs with speculative execution enables attackers to gain arbitrary code execution on Mac systems.
Discovered by researchers at MIT's Computer Science & Artificial Intelligence Laboratory, this new class of attack would allow threat actors with physical access to Macs with Apple M1 CPUs to access the underlying filesystem.
We found a way to defeat pointer authentication on the Apple M1 via a new hardware attack.
While Apple can't patch the hardware to block attacks using this exploitation technique, the good news is that end-users don't need to be worried as long as they keep their software up to date and free of bugs that could be exploited to gain code execution using PACMAN. "PACMAN is an exploitation technique- on its own it cannot compromise your system. While the hardware mechanisms used by PACMAN cannot be patched with software features, memory corruption bugs can be," the researchers added.
Apple says this new side-channel attack doesn't represent a danger to Mac users, given that it also requires other security vulnerabilities to be effective.
Security experts have argued that the attack doesn't come with "Real-world utility," which was confirmed by Joseph Ravichandran, an MIT Ph.D. student and one of the four researchers behind PACMAN. You can find more technical details about this novel hardware attack on the dedicated site and in the "PACMAN: Attacking ARM Pointer Authentication with Speculative Execution" paper [PDF] that will be presented at the International Symposium on Computer Architecture on June 18.