Scientists at the Computer Science and Artificial Intelligence Laboratory (CSAIL) at the Massachusetts Institute of Technology have reported the creation of a PACMAN cyberattack technique based on a hardware vulnerability in Apple M1 processors.The authors of the study specified that their solution could also be relevant for other chips on the Arm-architecture, but it has not yet been confirmed in practice.Image source: apple.comAttack is performed using a combination of hardware and software and can be performed remotely, without physical access to the victim's computer.In theory, PACMAN gives the attacker access to the OS kernel, which essentially means full control over the machine.The most annoying thing is that this hardware vulnerability cannot be fixed by any software, which means that it can remain relevant not only for existing, but also for future products.Theoretically, Arm-chips from other manufacturers, including Qualcomm and Samsung, could also be vulnerable if they use pointer authentication.The attack is based on the Pointer Authentication security feature, which is used to verify executable software via cryptographic signatures or Pointer Authentication Codes (PACs).This helps protect the system from attacks involving pointer spoofing of memory addresses, which are controlled by PAC values.The PACMAN technique allows PAC values to be \"tampered with,\" working in a similar way to the Spectre and Meltdown exploits.Researchers emphasize that PACMAN works at various privilege levels all the way up to gaining access to the OS kernel.The researchers reported their discovery to Apple months ago.The vulnerability has not yet been registered in the public CVE database, but the authors of the project promised to do so in the near future.Scientists will provide all the details in their report at the International Symposium on Computer Architecture (ISCA 2022), which will open on June 18 in New York.
0 Comments