
exoticSpice

Suspended
Jan 9, 2022
1,242
1,952
Any attack that gains kernel access is potentially bad.

What's popular with real security professionals is chaining multiple attacks. So, combining zero-day remote exploit + PACMAN kernel attack. You can get a glimpse of chaining attacks at Pwn2Own. Time will tell if it's as bad as Pegasus.

https://www.zerodayinitiative.com/blog/2022/5/18/pwn2own-vancouver-2022-the-results

https://www.zerodayinitiative.com/blog/2021/4/2/pwn2own-2021-schedule-and-live-results
Yep, it could also affect other ARM chips. Hopefully they test other ARM chips too. But I think it would take 2 years for those chips to come to market.
 

mi7chy

macrumors G4
Oct 24, 2014
10,622
11,294
This is a hardware hacking attack that requires physical access.

https://pacmanattack.com/

Does this attack require physical access?

Nope! We actually did all our experiments over the network on a machine in another room. PACMAN works just fine remotely if you have unprivileged code execution.

Yep, it also affects other ARM chips. Hopefully it gets patched on all ARM chips in hardware soon. But I think it would take 2 years for those chips to come to market.

That's just an assumption. Where does it say that on web site or white paper that they performed successful proof-of-concept against other SoCs than Apple M1? All it says is pointer authentication was introduced with ARM v8.3 but doesn't say if it's proven on other ARM implementations from Qualcomm, Samsung, Mediatek, etc. or if it affects newer ARM extensions up to v8.8 and v9.3.
 

exoticSpice

Suspended
Jan 9, 2022
1,242
1,952

Should I be worried?

As long as you keep your software up to date, no. PACMAN is an exploitation technique- on its own it cannot compromise your system. While the hardware mechanisms used by PACMAN cannot be patched with software features, memory corruption bugs can be.

https://pacmanattack.com/ - Source

There we go, keep your software updated.
 

exoticSpice

Suspended
Jan 9, 2022
1,242
1,952
That's just an assumption. Where does it say that on web site or white paper that they performed successful proof-of-concept against other SoCs than Apple M1? All it says is pointer authentication was introduced with ARM v8.3 but doesn't say if it's proven on other ARM implementations from Qualcomm, Samsung, Mediatek, etc. or if it affects newer ARM extensions up to v8.8 and v9.3.

"and the MIT team believes the vulnerability could impact future Arm mobile devices, and likely even future Arm desktop PCs, if it isn't mitigated in future architectures. "Any chip that uses speculative execution to evaluate and operate on pointer authentication signed pointers (and handles nested mispredicts eagerly) could potentially be vulnerable to PACMAN," said Joseph Ravichandran, a researcher with the MIT team. That means this could possibly impact chips from other Arm vendors that support pointer authentication, such as Qualcomm and Samsung, but those chips haven't been tested yet."

Those other chips have not been tested, but they could be affected if they have support for pointer authentication.
 

throAU

macrumors G3
Feb 13, 2012
9,199
7,354
Perth, Western Australia
The article has been amended as follows:
"
The real-world risk is low because PACMAN requires physical access to a Mac; the attack cannot be carried out remotely.
Macworld stated that “Because PACMAN requires a hardware device, a hacker has to have physical access to a Mac, which limits how a PACMAN can be executed,” but the research team advises me that this is incorrect. No physical access is needed.
"

Also, it states that all ARM chips are affected (not just the M1), and if this is true it means that potentially all Apple devices could be compromised (as well as those of many other vendors).
Cheers for the update.

Still,

  1. this is a security mechanism that x86 machines don't even have
  2. it requires compromise of the machine via other method first. i.e., your machine has to be compromised via another exploit to even get at this protection mechanism.
As always, stay up to date.

No, the sky is not falling.
 

throAU

macrumors G3
Feb 13, 2012
9,199
7,354
Perth, Western Australia
You obviously have not seen Mission Impossible and are unaware of how hackers can physically access your machine without you knowing.

Obviously that is possible.

What I'm saying is that if they have the ability to do that, this exploit existing makes no difference. Like I said, beating the password/touchid/key out of you with a $5 wrench is far easier than this, most likely (assuming that physical access is required). i.e., you wouldn't bother wasting your time with this exploit, if you're the type of organization likely in a position to make use of it.
 

Unregistered 4U

macrumors G4
Jul 22, 2002
10,610
8,628
It's a vulnerability, sure - but not one that has any practical application that couldn't just be achieved by more conventional means. I'm sure Apple will fix it in the M3 if it hasn't been fixed in M2, but in the meantime there's little to worry about.
I actually liked how a couple stories I linked to indicated up front that this requires some “greater than normal” effort to set up.
 

Unregistered 4U

macrumors G4
Jul 22, 2002
10,610
8,628

Does this attack require physical access?

Nope! We actually did all our experiments over the network on a machine in another room. PACMAN works just fine remotely if you have unprivileged code execution.
That’s a BIT of a stretch. It was THEIR machine that was in the other room, not a stranger’s machine where they didn’t know where it was, what its IP address was, what its security posture was, etc. So, while the attack might not require physical access, SETTING up the target to be pwned certainly would.

There are a lot of exploits that don’t require physical access in the same way. I can just have access to a monkey wrench and to someone that the owner of the system is fond of and I’d likely be able to obtain critical information from that computer in the other room WITHOUT PHYSICAL ACCESS. :)
 

Freeangel1

Suspended
Jan 13, 2020
1,191
1,755
Always keep an Intel chip Mac machine around if you're worried about security on ARM.

It will probably be in M2 chips too. Maybe might be fixed by 3nm chips next year.
 

h0ndaf4n

Suspended
Jun 1, 2022
14
8
Here's what I found with 2 seconds of Google:



And here's the summary:


And here are my comments as a network security guy:

If someone has unfettered physical access to your machine, you're boned.

This is a hardware hacking attack that requires physical access.

The short version is this: nothing to worry about unless you leave your machine unattended where bad guys can get access to it - and you're interesting enough for someone to go to the trouble to do this.

And even then, there are plenty of other things they can do with physical access. The likelihood of this being used is probably limited to nation-state sponsored attacks (NSA/FSB and the like), where the attacker could just as easily beat your password/touchId/etc. out of you with a pipe. Or drop a camera in your home to record you typing your password, etc.

It's a vulnerability, sure - but not one that has any practical application that couldn't just be achieved by more conventional means. I'm sure Apple will fix it in the M3 if it hasn't been fixed in M2, but in the meantime there's little to worry about.
Macworld stated that “Because PACMAN requires a hardware device, a hacker has to have physical access to a Mac, which limits how a PACMAN can be executed,” but the research team advises me that this is incorrect. No physical access is needed.
 

jav6454

macrumors Core
Nov 14, 2007
22,303
6,264
1 Geostationary Tower Plaza
Macworld stated that “Because PACMAN requires a hardware device, a hacker has to have physical access to a Mac, which limits how a PACMAN can be executed,” but the research team advises me that this is incorrect. No physical access is needed.
They also advise that a certain bug must be present in memory for it to work. Lots of "Ifs" in this flaw.
 

eltoslightfoot

macrumors 68030
Feb 25, 2011
2,547
3,099
The Intel architecture has multiple hardware flaws, so it isn’t like we can just avoid by going Intel…
 

Cognizant.

Suspended
May 15, 2022
427
723
The Intel architecture has multiple hardware flaws, so it isn’t like we can just avoid by going Intel…
Intel has had massive security holes that are constantly being patched ... and unfortunately the patches degrade performance. I'm not sure if these apply to the brand new Intel chips, but both AMD and Intel have been plagued with this nonsense lately.
 