MIT Researchers Discover New Flaw in Unpatchable Apple M1 CPUs


A new hardware attack called PACMAN has been demonstrated against Apple’s M1 processor chipsets, potentially arming a malicious actor with the ability to gain arbitrary code execution on macOS systems.

It uses “speculative execution attacks to bypass an important memory protection mechanism called ARM Pointer Authentication, a security feature used to enforce pointer integrity,” MIT researchers Joseph Ravichandran, Weon Taek Na, Jay Lang and Mengjia Yan said in a new newspaper.

More worryingly, “although the hardware mechanisms used by PACMAN cannot be patched with software functions, memory errors can occur,” the researchers added.

The vulnerability is rooted in pointer authentication codes (PACs), a line of defense introduced in the arm64e architecture that aims to make unexpected changes to the Clues — objects that store a memory address — in memory.

PACs are intended to address a common problem in software security, such as memory corruption vulnerabilities, which are often exploited by overwriting control data in memory (i.e., pointers) to redirect code execution to an arbitrary location specified by the attacker is controlled.

While strategies such as Address Space Format Randomization (ASLR) are designed to increase the difficulty of executing buffer overflow attacks, the purpose of PACs is to establish the “validity of pointers with minimal size and performance impact” and effectively prevent an opponent from creating valid pointers for use in a exploit.

This is accomplished by protecting a pointer with a cryptographic hash — called a Pointer Authentication Code (PAC) — to ensure its integrity. Apple explains PACs as follows –

Pointer verification works by providing a special CPU instruction to add a cryptographic signature — or PAC — to unused high-order bits of a pointer before storing the pointer. Another statement removes and authenticates the signature after the pointer is read from memory. Any change in the stored value between write and read invalidates the signature. The CPU interprets an authentication error as memory corruption and sets a high-order bit in the pointer, which invalidates the pointer and crashes the app.

But PACMAN “removes the primary barrier to conducting control flow attacks on a platform secured with pointer authentication.” It combines memory corruption and speculative execution to circumvent the security feature and leaks “PAC authentication results through micro-architectural side channels without causing crashes”.

The attack method, in a nutshell, allows distinguishing between a correct PAC and incorrect hash, allowing a bad actor to “bruteally force the correct PAC value while suppressing crashes and a control-flow hijack attack on a PA.” activated victim program or operating system.”

In turn, the crash prevention succeeds because each PAC value is speculatively guessed by using a timing-based side channel through the translation look-aside buffer (TLB) using a Prime+Probe attack.

Weapon speculative execution vulnerabilities, as observed in the case of Specter and Meltdown out-of-order executiona technique used to achieve a performance improvement in modern microprocessors by: to predict the most likely path of a program’s execution flow.

It is worth noting, however, that the threat model assumes that an exploitable memory corruption vulnerability already exists in a victim program (kernel), which in turn allows the unauthorized attacker (a malicious app) to inject malicious code into certain memory locations in the victim process .

“This attack has important implications for designers looking to implement future processors with pointer authentication, and has broad implications for the security of future control-flow integrity primitives,” the researchers concluded.