

As MacWorld explains: Pointer authentication is a security feature that helps protect the CPU from an attacker who has gained memory access. Pointers store memory addresses, and Pointer Authentication Code (PAC) checks for unexpected pointer changes caused by an attack.
Researchers from MIT have created an attack called PACMAN, which combines memory corruption and speculative execution attacks to circumvent the security that Apple has built into these chips. Moreover, the attack leaves no traces, and because it exploits a hardware mechanism, no software patch can fix it.
It is even possible to take control of the operating system kernel – which has “huge implications for future security work on all ARM systems with pointer authentication enabled,” says Joseph Ravichandran, a doctoral student at MIT CSAIL and co-author of the paper.
“The idea behind pointer authentication is that if all else fails, you can still rely on it to prevent attackers from taking control of your system,” Ravichandran added. “We have shown that pointer authentication as the last line of defense is not as absolute as we once thought it was.”
The concern is that the vulnerability could affect other ARM systems, so the M2 chip could be affected as well, but researchers have not yet confirmed this. The researchers have reported their findings to Apple.
By Marijan Zivkovic



