An unfixable vulnerability was found in the Apple M1

  • June 11, 2022

Experts from the Massachusetts Institute of Technology's Computer Science and Artificial Intelligence Laboratory (CSAIL) have detailed a new attack that exploits a hardware vulnerability in Apple M1 series processors. While the team used the Apple M1 processor as the model to demonstrate the vulnerability, the attack could not be replicated on other Arm chips. The researchers say the new technique, called PACMAN, can be used to reach the core of the operating system. It combines software and hardware attacks and gives attackers full control over the system.

The exploit does not require physical access to the computer, so it can be used remotely. According to the experts, the M1 hardware vulnerability cannot be fixed with software, so the MIT team believes it could affect future devices if the issue is not fixed in subsequent architectures. That applies not only to Apple but also to other manufacturers that support pointer authentication, such as Qualcomm and Samsung.

The attack focuses on the Arm pointer authentication functionality. Pointer authentication is typically used to authenticate software with cryptographic signatures, which are called pointer authentication codes (PACs). Attacks typically use memory corruption techniques such as buffer overflows to gain full control. PACMAN involves estimating the value of the PAC using a speculative execution attack very similar to Spectre and Meltdown.
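A toy model of the pointer authentication described above, added here as an illustration and not taken from the MIT research or from Arm's design: it shows a signed pointer passing authentication, a pointer overwritten by memory corruption being checked against its stale PAC, and how few PAC values are valid for a given address. The 48/16-bit split, the `toy_mac` mixing function, and the key, context and address values are all assumptions.

```c
#include <stdint.h>
#include <stdio.h>

/* Toy layout (assumption): low 48 bits = address, high 16 bits = PAC. */
#define ADDR_BITS 48
#define ADDR_MASK ((UINT64_C(1) << ADDR_BITS) - 1)

/* Stand-in keyed mixer, NOT a real MAC and not the cipher Arm hardware uses. */
static uint64_t toy_mac(uint64_t addr, uint64_t context, uint64_t key) {
    uint64_t x = addr ^ key ^ (context * UINT64_C(0x9E3779B97F4A7C15));
    x ^= x >> 30; x *= UINT64_C(0xBF58476D1CE4E5B9);
    x ^= x >> 27; x *= UINT64_C(0x94D049BB133111EB);
    return x ^ (x >> 31);
}

/* Sign: store the truncated MAC in the unused upper bits of the pointer. */
uint64_t pac_sign(uint64_t ptr, uint64_t context, uint64_t key) {
    uint64_t addr = ptr & ADDR_MASK;
    return addr | ((toy_mac(addr, context, key) >> ADDR_BITS) << ADDR_BITS);
}

/* Authenticate: 1 and the stripped address on a match, 0 otherwise. */
int pac_auth(uint64_t signed_ptr, uint64_t context, uint64_t key, uint64_t *out) {
    uint64_t addr = signed_ptr & ADDR_MASK;
    if (pac_sign(addr, context, key) != signed_ptr) return 0;
    *out = addr;
    return 1;
}

/* How many of the 2^16 possible PAC values authenticate for one address. */
unsigned count_valid_pacs(uint64_t addr, uint64_t context, uint64_t key) {
    unsigned n = 0; uint64_t out;
    for (uint64_t g = 0; g < (UINT64_C(1) << 16); g++)
        n += (unsigned)pac_auth((addr & ADDR_MASK) | (g << ADDR_BITS), context, key, &out);
    return n;
}

int main(void) {
    uint64_t key = UINT64_C(0x0123456789ABCDEF), ctx = 0x7000; /* constructed values */
    uint64_t out = 0, good = pac_sign(UINT64_C(0x100004000), ctx, key);
    /* Simulated corruption: address overwritten, stale PAC left in place. */
    uint64_t bad = (good & ~ADDR_MASK) | UINT64_C(0x100008000);
    printf("genuine pointer authenticates: %d\n", pac_auth(good, ctx, key, &out));
    printf("overwritten pointer authenticates: %d\n", pac_auth(bad, ctx, key, &out));
    printf("valid PACs out of 65536: %u\n", count_valid_pacs(UINT64_C(0x100008000), ctx, key));
    return 0;
}
```

In this model exactly one PAC value is valid per address and context, which is why corrupting a pointer without knowing the key is expected to fail authentication.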

Experts offer three options for protection against PACMAN attacks: modify hardware or software (this approach can significantly reduce performance), adapt previously developed Spectre mitigations to PACMAN, or fix memory corruption vulnerabilities.

Apple said in a statement that the vulnerability is not a threat in itself and is not sufficient to circumvent operating system protections. They also stated that it is still unclear whether the attack belongs to the hardware component or the software.

Source: Port Altele
