PACMAN, Apple M1 uncorrected security issue

  • June 10, 2022

So far, the Apple M1 chip has brought Cupertino nothing but joy. Since its launch about a year and a half ago, the first of Apple's first-generation chips and its "big brothers", the Pro, Max and Ultra variants, have garnered rave reviews, proving that the engineering work Apple put into designing its own chips has been most remarkable.

However, it had to be in the week when the long-awaited Apple M2 was introduced, and on the very day that information about the future M2 Max leaked, that it became clear that the Apple M1 has a security issue, although, and this is very important, it does not affect users of devices with this chip. It is, nonetheless, a serious wake-up call for Apple, and also for other chip designers, about the risks of neglecting security in the design phase of a chip.

Researchers at the Computer Science & Artificial Intelligence Laboratory (CSAIL) of the Massachusetts Institute of Technology have designed a proof of concept called PACMAN, a mixed attack capable of exploiting a vulnerability identified in Apple's pointer authentication codes (PAC), which normally protect devices from the exploitation of memory corruption issues.

During normal operation, PAC assigns a cryptographic signature to each memory pointer, which is used to verify the pointer securely before use. Allowing for the differences, each signature generated by PAC can be compared to a hash code that lets us trust what it is associated with. The Apple M1 would therefore, in theory, be protected from attacks that seek to modify pointers for malicious purposes.

The problem that the MIT researchers identified in the PAC implementation is that there is a limited number of possible signature values. An attempt to exploit this weakness of the Apple M1, supported by speculative execution (a technique that allows certain points to be deduced), could substantially reduce this list, which in turn would make it possible to try all the options until the right one is found.
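The signing and verification described above, and the limited signature space, in a toy Python model. This is an added example, not code from the MIT researchers or from Apple; the 16-bit signature width, the 48-bit address split and HMAC-SHA-256 as a stand-in for the hardware's cipher are assumptions of the model.

```python
import hashlib
import hmac

PAC_BITS = 16    # assumption of this model; the article gives no width
ADDR_BITS = 48   # assumption: address in the low bits, signature above it
ADDR_MASK = (1 << ADDR_BITS) - 1


def pac(key: bytes, addr: int, context: int) -> int:
    """Truncated keyed MAC over (address, context); stand-in for the hardware cipher."""
    msg = addr.to_bytes(8, "little") + context.to_bytes(8, "little")
    digest = hmac.new(key, msg, hashlib.sha256).digest()
    return int.from_bytes(digest[:8], "big") >> (64 - PAC_BITS)


def sign(key: bytes, ptr: int, context: int) -> int:
    """Place the signature in the otherwise unused upper bits of the pointer."""
    addr = ptr & ADDR_MASK
    return (pac(key, addr, context) << ADDR_BITS) | addr


def authenticate(key: bytes, signed_ptr: int, context: int) -> int:
    """Return the bare address; raise (the model's crash) if the signature is wrong."""
    addr = signed_ptr & ADDR_MASK
    if (signed_ptr >> ADDR_BITS) != pac(key, addr, context):
        raise ValueError("pointer authentication failed")
    return addr


def tries_if_failures_were_silent(key: bytes, addr: int, context: int) -> int:
    """Tries needed when a wrong signature has no consequence: never more than 2**PAC_BITS."""
    for guess in range(1 << PAC_BITS):
        try:
            authenticate(key, (guess << ADDR_BITS) | addr, context)
            return guess + 1
        except ValueError:
            continue
    raise AssertionError("one of the 2**PAC_BITS values always matches")


if __name__ == "__main__":
    key, ctx = b"constructed-demo-key", 0x1234        # constructed sample values
    signed = sign(key, 0x7FFF_DEAD_BEE0, ctx)
    print(hex(signed), hex(authenticate(key, signed, ctx)))
    print("tries without a crash on failure:",
          tries_if_failures_were_silent(key, 0x7FFF_DEAD_BEE0, ctx))
```

With a space this small, the scheme is only as strong as the cost of a wrong guess, which is why a way of narrowing or testing candidates matters so much to a design that relies on PAC.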

PACMAN by itself is not enough to mount an attack against a system based on the Apple M1; another set of circumstances would have to be present for it to be exploited. However, as mentioned above, it is an indication that the signature verification offered by PAC may not be sufficient, and CSAIL therefore urges technical teams to take this weakness into account in their future proposals.

This vulnerability has been acknowledged by Apple, which also recognizes and appreciates the work of the MIT researchers. However, it is not clear whether this problem is reproduced on the Apple M2 (which also uses PAC to verify pointers), which would be unfortunate but understandable. The key, of course, will be to see whether the Apple M1's vulnerability is mitigated in future Cupertino SoCs, for which we will have to wait.

Source: Muy Computer
