Apple M1 CPUs have a new flaw that can’t be patched, according to MIT researchers. A new hardware attack known as PACMAN has been demonstrated against Apple’s M1 processor chipsets, giving a malicious actor the ability to execute arbitrary code on macOS systems.
In a new study, MIT researchers Joseph Ravichandran, Weon Taek Na, Jay Lang, and Mengjia Yan describe how they utilized “speculative execution attacks to overcome a key memory protection mechanism, ARM Pointer Authentication, a security feature that is designed to guarantee pointer integrity.”
What’s more, “although the hardware techniques used by PACMAN cannot be addressed with software features,” the researchers stated, “memory corruption flaws may.”
The flaw stems from pointer authentication codes (PACs), a line of protection established in the arm64e architecture to detect and safeguard against unexpected changes to pointers (objects that store a memory address) in memory.
Memory corruption vulnerabilities, for example, are frequently exploited by overwriting control data in memory (i.e., pointers) to divert code execution to an arbitrary address controlled by the attacker.
While techniques such as Address Space Layout Randomization (ASLR) have been developed to make buffer overflow attacks more difficult, the goal of PACs is to determine the “validity of pointers with minimal size and performance impact,” effectively preventing an adversary from creating valid pointers to use in an exploit.
This is accomplished by securing the integrity of a pointer with a cryptographic hash called a Pointer Authentication Code (PAC). Apple explains PACs in the following way:
Pointer authentication works by using a special CPU instruction to append a cryptographic signature — or PAC — to the pointer’s unused high-order bits before saving it. After reading the pointer back from memory, another instruction removes and authenticates the signature. Between the write and the read, any change to the stored value invalidates the signature. When the CPU detects authentication failure, it interprets it as memory corruption and sets a high-order bit in the pointer, rendering it invalid and causing the program to crash.
PACMAN, on the other hand, “eliminates the fundamental barrier to launching control-flow hijacking attacks on a platform secured by pointer authentication.” To get around the security measure, it uses memory corruption and speculative execution, leaking “PAC verification results via microarchitectural side channels without triggering any crashes.”
In a nutshell, the attack method allows a bad actor to “brute-force the correct PAC value while suppressing crashes and construct a control-flow hijacking attack on a PA-enabled victim program or operating system,” allowing them to “brute-force the correct PAC value while suppressing crashes and construct a control-flow hijacking attack on a PA-enabled victim program or operating system.”
The crash prevention works because each PAC value is guessed speculatively via a Prime+Probe attack on a timing-based side channel via the translation look-aside buffer (TLB).
Out-of-order execution, which is utilized to boost efficiency in current microprocessors by projecting the most likely path of a program’s execution flow, is weaponized by speculative execution flaws, as seen in the case of Spectre and Meltdown.
It’s worth mentioning, however, that the threat model assumes that a victim program (kernel) already has an exploitable memory corruption vulnerability, which allows an unprivileged attacker (a malicious software) to inject rogue code into certain memory locations in the victim process.
“This attack has broad ramifications for the security of future control-flow integrity primitives, and has critical consequences for designers looking to construct future processors utilizing pointer authentication,” the researchers stated.
Have you enjoyed reading this article? To read more exclusive material from THN, follow us on Facebook. Apple M1 CPUs have a new flaw that can’t be patched, according to MIT researchers.