Apple M1 Chips Affected by Unpatchable "PACMAN" Exploit -

Apple M1 chips are a part of the Apple Silicon family that represents a new transition to Arm-based cores with new power and performance targets for Apple devices. A portion of building a processor is designing its security enclave, and today we have evidence that M1 processors got a new vulnerability. The PACMAN is a hardware attack that can bypass Pointer Authentication (PAC) on M1 processors. Security researchers took an existing concept of Spectre and its application in the x86 realm and now applied it to the Arm-based Apple silicon. PACMAN exploits a current software bug to perform pointer authentication bypass, which may lead to arbitrary code execution.

The vulnerability is a hardware/software co-design that exploits microarchitectural construction to execute arbitrary codes. PACMAN creates a PAC Oracle to check if a specific pointer matches its authentication. It must never crash if an incorrect guess is supplied and the attack brute-forces all the possible PAC values using the PAC Oracle. To suppress crashes, PAC Oracles are delivered speculatively. And to learn if the PAC value was correct, researchers used uArch side channeling. In the CPU resides translation lookaside buffers (TLBs), where PACMAN tries to load the pointer speculatively and verify success using the prime+probe technique. TLBs are filled with minimal addresses required to supply a particular TLB section. If any address is evicted from the TLB, it is likely a load success, and the bug can take over with a falsely authenticated memory address.

On the PACMAN website, you can see the attack in much greater detail and learn about it in-depth. It is important to note that Apple is aware of the issue, and researchers have been in talks with the company ever since 2021. Keeping the software up to date is mandatory, as these kinds of memory corruption bugs are patchable. The hardware part of this exploit is not patchable; however, users shouldn’t be worried as it requires both software and hardware exploits to function.

News

50+ enhanced games available at launch November 7 – PlayStation.Blog

As the Persona and Yakuza series fly beyond 20 million sales each, Sega says its JRPG successes are thanks to the power of multi-platform releases

“Venus Vacation PRISM – DEAD OR ALIVE Xtreme -” Coming March 6th, 2025 & Available for Pre-order – PlayStation.Blog

Nintendo Life eShop Selects & Readers’ Choice (October 2024)

Monster Hunter Wilds players keep making Final Fantasy 14’s Yoshi-P in the beta character creator, and he’s not totally happy about it

Final Fantasy 14’s Yoshi-P confirms Square Enix remains committed to its multiplatform strategy, but hopes more Xbox fans actually play its new JRPGs

ICYMI: ‘Nintendo Music’ Has Spoiler Prevention, Here’s How To Activate It

Diablo 4 boss’ plan for Gears of War 6 would’ve taken the series to space, but “we weren’t going to start Mass Effect-ing this”

Box Art Brawl – Duel: Sonic X Shadow Generations

Apple M1 Chips Affected by Unpatchable “PACMAN” Exploit