An attack called 'PACMAN' that exploits an unpatchable vulnerability in the Apple M1 chip has been found



Apple's M1 chip has multiple layers of security that protect it from attacks. The final layer of protection is called Pointer Authentication (PAC), and a vulnerability that cannot be patched, which makes it possible to bypass this PAC, has been discovered. The hardware attack that bypasses PAC has been named 'PACMAN'.

PACMAN
https://pacmanattack.com/

New 'PacMan' flaw in Apple Silicon is an echo of Spectre and Meltdown | AppleInsider
https://appleinsider.com/articles/22/06/10/new-pacman-flaw-in-apple-silicon-is-an-echo-of-spectre-and-meltdown

MIT researchers uncover 'unpatchable' flaw in Apple M1 chips | TechCrunch
https://techcrunch.com/2022/06/10/apple-m1-unpatchable-flaw/

'PACMAN' was reported by Joseph Ravichandran, Weon Taek Na, Jay Lang, and Mengjia Yan, researchers at the MIT Computer Science and Artificial Intelligence Laboratory. It is a new attack method that uses speculative execution to bypass PAC: the result of a PAC verification is leaked speculatively through a microarchitectural side channel, so that a wrong guess does not cause a crash.

Since the vulnerability is related to hardware, it cannot be resolved by software patches.

News site AppleInsider states that 'general Mac users will not be able to exploit the vulnerability because physical access to the device is required to execute the attack'. However, the PACMAN attack report site, in answer to the question 'Does the attack require physical access?', says: 'No. We actually did all our experiments over the network on a machine in another room. If code execution is possible as an unprivileged user, PACMAN can operate remotely without any problems.'

According to the researchers, no practical examples of PACMAN have been confirmed, and the findings and proof-of-concept code have been reported to Apple.

in Hardware, Security, Posted by logc_nt