Security News > 2022 > June > MIT Researchers Discover New Flaw in Apple M1 CPUs That Can't Be Patched

It leverages "Speculative execution attacks to bypass an important memory protection mechanism, ARM Pointer Authentication, a security feature that is used to enforce pointer integrity," MIT researchers Joseph Ravichandran, Weon Taek Na, Jay Lang, and Mengjia Yan said in a new paper.

The vulnerability is rooted in pointer authentication codes, a line of defense introduced in arm64e architecture that aims to detect and secure against unexpected changes to pointers - objects that store a memory address - in memory.

While strategies like Address Space Layout Randomization have been devised to increase the difficulty of performing buffer overflow attacks, the goal of PACs is to ascertain the "Validity of pointers with minimal size and performance impact," effectively preventing an adversary from creating valid pointers for use in an exploit.

Pointer authentication works by offering a special CPU instruction to add a cryptographic signature - or PAC - to unused high-order bits of a pointer before storing the pointer.

The CPU interprets authentication failure as memory corruption and sets a high-order bit in the pointer, making the pointer invalid and causing the app to crash.

"This attack has important implications for designers looking to implement future processors featuring pointer authentication, and has broad implications for the security of future control-flow integrity primitives," the researchers concluded.

News URL

https://thehackernews.com/2022/06/mit-researchers-discover-new-flaw-in.html