Apple M1: all about Pacman Attack, this “unpatchable” vulnerability


Nathan Le Gohlisse

Hardware Specialist

June 13, 2022 at 3:50 p.m.


M1 Ultra chip, for illustration // © Apple

Pacman Attack is the nickname given to a new type of attack targeting Apple M1 processors. By targeting the “Pointer Authentication” of Apple processors, with a speculative execution method, hackers can successfully execute code on affected Macs.

Everyone has their security flaws, and Apple is not spared. Discovered by MIT researchers, a new attack exploits a vulnerability in the “Pointer Authentication” feature of M1 processors. This security feature adds a cryptographic signature (PAC, for “pointer authentication code”) to pointers, allowing macOS to detect and block unexpected changes that could lead to data leaks or compromise the system.

A memory bug as a gateway

“PACMAN takes an existing software bug (memory read/write) and turns it into a more serious exploit primitive (a pointer authentication bypass), which can lead to arbitrary code execution. To do this, we must find the PAC value of a specific pointer of each victim,” explain the MIT researchers behind the discovery.

“PACMAN does this by creating what we call a PAC Oracle, which is the ability to tell whether a given PAC matches a specific pointer. The PAC Oracle must never crash if an incorrect guess is provided. We then test all possible PAC values using the PAC Oracle,” they continue. A method that ultimately allows code to be executed without crashing the entire system and without leaving traces in the logs, the researchers write.
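To make the oracle point concrete from the defender's side, here is an added, simplified Python model of pointer authentication. It is not code from the MIT researchers or from Apple: real PAC uses a hardware cipher with per-process keys, and the 16-bit PAC width, the 48-bit address width, the key, the modifier and the sample address below are all assumptions of the model. It shows that against a check which faults on a bad PAC, naive guessing leaves one crash per wrong guess, which is exactly the trace the article says the PACMAN oracle avoids; a burst of pointer-authentication faults from one process is therefore the signal a defender would otherwise look for.

```python
import hashlib
import hmac

# Assumptions of this model (not Apple's real parameters):
PAC_BITS = 16                       # assumed PAC width
VA_BITS = 48                        # assumed virtual address width; PAC lives above it
VA_MASK = (1 << VA_BITS) - 1
PAC_MASK = (1 << PAC_BITS) - 1

KEY = b"constructed-demo-key-not-a-real-pac-key"   # constructed key
PTR = 0x00007FFE00001234                             # constructed sample address
MODIFIER = 0x1                                       # constructed context/salt value


def compute_pac(ptr: int, key: bytes, modifier: int) -> int:
    """Keyed hash over (pointer, modifier), truncated to PAC_BITS.
    Stands in for the hardware cipher used by real pointer authentication."""
    msg = ptr.to_bytes(8, "little") + modifier.to_bytes(8, "little")
    digest = hmac.new(key, msg, hashlib.sha256).digest()
    return int.from_bytes(digest[:2], "little") & PAC_MASK


def sign(ptr: int, key: bytes, modifier: int) -> int:
    """Embed the PAC in the unused upper bits of the pointer (the PAC* instructions)."""
    return (ptr & VA_MASK) | (compute_pac(ptr, key, modifier) << VA_BITS)


class AuthFailure(Exception):
    """Models the fault raised when an authenticated pointer is rejected."""


def authenticate(signed_ptr: int, key: bytes, modifier: int) -> int:
    """Check the PAC and strip it (the AUT* instructions). A mismatch faults,
    which in a real process shows up as a crash the defender can observe."""
    ptr = signed_ptr & VA_MASK
    pac = (signed_ptr >> VA_BITS) & PAC_MASK
    if pac != compute_pac(ptr, key, modifier):
        raise AuthFailure(f"pointer authentication failure for {ptr:#x}")
    return ptr


def guesses_until_accept(signed_ptr: int, key: bytes, modifier: int, crash_log: list):
    """Naive PAC guessing against a crash-on-failure check: every wrong guess
    is recorded in crash_log. Returns (accepted_pac, number_of_crashes)."""
    ptr = signed_ptr & VA_MASK
    for guess in range(1 << PAC_BITS):
        try:
            authenticate(ptr | (guess << VA_BITS), key, modifier)
            return guess, len(crash_log)
        except AuthFailure as exc:
            crash_log.append(str(exc))
    raise RuntimeError("unreachable in this model: some guess always matches")


if __name__ == "__main__":
    signed = sign(PTR, KEY, MODIFIER)
    assert authenticate(signed, KEY, MODIFIER) == PTR
    log = []
    pac, crashes = guesses_until_accept(signed, KEY, MODIFIER, log)
    print(f"PAC found after {crashes} observable crashes (pac={pac:#06x})")
```

The model makes the article's two points visible: the PAC space is small enough to enumerate, and the only thing standing between an attacker and that enumeration is that each failed check normally faults. Monitoring for repeated authentication faults from a single process is a cheap signal; PACMAN's contribution is a way to test guesses without producing it.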

Low risks for users…

As specified on the page devoted to the PACMAN attack, physical access to the target device with an M1 processor is not required to exploit the flaw. Keeping your Mac up to date nevertheless limits the risks, since memory bugs are then less likely to be present. And that is fortunate, because Apple cannot patch its M1 processors to correct the flaw discovered in the “Pointer Authentication” feature.

Apple says this vulnerability poses no immediate risk to users of Macs running M1 processors. “Based on our analysis, as well as the details shared with us by the researchers, we have concluded that this issue poses no immediate risk to our users and is insufficient to bypass device protections on its own,” said a spokesperson for the firm, who is keen to be reassuring.

Note that researchers from MIT and Apple have been collaborating since last year on the issue of this security flaw. So there is a good chance that the new M2 chip, unveiled last week at WWDC 2022, will be spared.

Source : Pacman Attack, Bleeping Computer
