Apple M1 Chips Affected by Unpatchable "PACMAN" Exploit -

Apple M1 chips are a part of the Apple Silicon family that represents a new transition to Arm-based cores with new power and performance targets for Apple devices. A portion of building a processor is designing its security enclave, and today we have evidence that M1 processors got a new vulnerability. The PACMAN is a hardware attack that can bypass Pointer Authentication (PAC) on M1 processors. Security researchers took an existing concept of Spectre and its application in the x86 realm and now applied it to the Arm-based Apple silicon. PACMAN exploits a current software bug to perform pointer authentication bypass, which may lead to arbitrary code execution.

The vulnerability is a hardware/software co-design that exploits microarchitectural construction to execute arbitrary codes. PACMAN creates a PAC Oracle to check if a specific pointer matches its authentication. It must never crash if an incorrect guess is supplied and the attack brute-forces all the possible PAC values using the PAC Oracle. To suppress crashes, PAC Oracles are delivered speculatively. And to learn if the PAC value was correct, researchers used uArch side channeling. In the CPU resides translation lookaside buffers (TLBs), where PACMAN tries to load the pointer speculatively and verify success using the prime+probe technique. TLBs are filled with minimal addresses required to supply a particular TLB section. If any address is evicted from the TLB, it is likely a load success, and the bug can take over with a falsely authenticated memory address.

On the PACMAN website, you can see the attack in much greater detail and learn about it in-depth. It is important to note that Apple is aware of the issue, and researchers have been in talks with the company ever since 2021. Keeping the software up to date is mandatory, as these kinds of memory corruption bugs are patchable. The hardware part of this exploit is not patchable; however, users shouldn’t be worried as it requires both software and hardware exploits to function.

News

Annapurna Interactive’s Blade Runner 2033 game reportedly still moving ahead, despite all full-time developers quitting: “The whole situation is a baffler”

8BitDo Is Now Selling NES-Style Keycaps

“You’ve been waiting for this moment”: New Dragon Ball: Sparkling Zero trailer is straight-up ’90s Toonami nostalgia

Review: LEGO The Legend Of Zelda – Great Deku Tree 2-in-1 – A Superb Debut With One Minor Irritation

GTA 6 has a lot to live up to, a former Rockstar dev says Vice City was so accurate he could use it as a map to get around real-life Miami

IP expert says Nintendo’s Palworld lawsuit is “more likely” to take 5 years than to finish in 1, but Pocketpair can “easily” afford the legal battle

New DIY Kit Aims To Revive The “Classic GameCube Controller Feel”

Like a Dragon: Pirate Yakuza in Hawaii actually leaked months ago, but it was so ridiculous nobody believed it was real

Pirate Yakuza in Hawaii Release Date Set for February 28, 2025! – PlayStation.Blog

Apple M1 Chips Affected by Unpatchable “PACMAN” Exploit