Researchers at the Massachusetts Institute of Technology (MIT) say the “last line of security” for Apple Silicon hardware can potentially be bypassed.
Scientists at MIT’s Computer Science & Artificial Intelligence Laboratory found a vulnerability pertaining to the hardware-level pointer authentication codes (PAC), which Apple uses to ensure programmes attempting to execute code are safe.
The MIT boffins have found a way to bypass this with a device that guesses the PAC continually, until it finds the right key. They’re calling it a ‘PACMAN’ attack.
In the research paper published this week, the paper’s lead co-author Ph.D. student Joseph Ravichandran wrote: “The idea behind pointer authentication is that if all else has failed, you still can rely on it to prevent attackers from gaining control of your system. We’ve shown that pointer authentication as a last line of defence isn’t as absolute as we once thought it was.”
“When pointer authentication was introduced, a whole category of bugs suddenly became a lot harder to use for attacks. With PACMAN making these bugs more serious, the overall attack surface could be a lot larger,” he added.
The researchers do say there is “no immediate call for alarm” because there needs to be a myriad of other breakages in order for this ‘last line of defence’ to be cracked. The researchers presented their findings to Apple, who responded with a statement to TechCrunch.
An Apple spokesperson said: “We want to thank the researchers for their collaboration as this proof of concept advances our understanding of these techniques. Based on our analysis as well as the details shared with us by the researchers, we have concluded this issue does not pose an immediate risk to our users and is insufficient to bypass operating system security protections on its own.”