How does PACMAN vulnerability impact us average types?

I was pretty disappointed to hear that Mac OS Ventura would marginalize MBPro 2015 which didn’t make the cut for compatibility. In my experience the 2015 was a great option for its durability and user-configurability (if that is a word). Apple’s new technology Macs seem to have a rather built-in vulnerability which seems to be ushering in a whole host of new problems or concerns.

Here’s what I’ve read: https://spectrum.ieee.org/pacman-hack-can-break-apple-m1s-last-line-of-defense

Although the article headline is clear fear-mongering clickbait, the article itself is pretty useful. Here are the important points I took away from it:

  • It requires another pre-existing exploit to be useful. That is, this isn’t a way for malicious code to launch/install itself, but it can be used by malicious code, once already installed, to cause additional damage.
  • It is based on the M1’s pointer-authentication logic. On most CPUs, memory pointers are just addresses to memory locations. On an M1, however, they include an extra 16 bits of cryptographic authenticated data.
  • The idea is that when the OS kernel gives you a pointer to a memory location (a not-uncommon thing), application code can use it and pass it back to the kernel, as necessary, but if some code manipulates that pointer before passing it back (e.g. to try and access some part of the OS kernel that it shouldn’t have access to), the hardware can detect the authentication failure, raise a signal and crash the app.
  • The bug here is that code can use a side-channel attack to be able to determine (without actually dereferencing the pointer, which would crash the app) what that authentication code should be, allowing it to bypass this specific security feature.

According to the researchers quoted in the article, it remains to be seen how dangerous this will actually be, but it is something new that developers of security solutions will need to keep in mind.

As for what I think, I think it’s worth pointing out that other CPUs (including Intel) don’t have this kind of protection at all. Modern OSes, including macOS, Linux and Windows, have other mechanisms to protect against memory pointer corruption.

The fact that this specific mechanism Apple designed for the M1 isn’t perfect is not the end of the world, although it does mean that Apple’s kernel developers shouldn’t rely on it to the exclusion of other kinds of security measures. I would assume that they are not doing this for many reasons, including the fact that the Darwin kernel needs to be compatible with CPUs other than the M1 (e.g. Intel and A-series SoCs), which don’t have cryptographic pointer authentication at all.

2 Likes
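To make the pointer-authentication flow in the post above concrete, here is a small added model of it (example code written for this thread, not from the article, the researchers or Apple). It uses HMAC-SHA256 in place of the CPU's keyed cipher, a constructed key and address, and the 16-bit authentication field the post describes; the point it shows is that a pointer handed out by the kernel only authenticates unchanged and in the context it was signed for, so a forged pointer has to match a 16-bit value the code was never given.

```python
import hashlib
import hmac

# Model parameters: 16 bits of authentication data per 64-bit pointer, as the
# post describes, leaving a 48-bit address field (an assumption of this model).
PAC_BITS = 16
ADDR_BITS = 64 - PAC_BITS
ADDR_MASK = (1 << ADDR_BITS) - 1
KERNEL_KEY = b"constructed-sample-key-not-a-real-secret"  # constructed


class PointerAuthError(Exception):
    """Stands in for the hardware fault that would kill the process."""


def compute_pac(key: bytes, address: int, modifier: int) -> int:
    """Keyed MAC over (address, context modifier), truncated to PAC_BITS bits.
    HMAC-SHA256 stands in for the CPU's keyed cipher; the key never leaves the kernel."""
    msg = address.to_bytes(8, "little") + modifier.to_bytes(8, "little")
    digest = hmac.new(key, msg, hashlib.sha256).digest()
    return int.from_bytes(digest[:2], "little") & ((1 << PAC_BITS) - 1)


def sign_pointer(key: bytes, pointer: int, modifier: int) -> int:
    """Kernel side: stamp the pointer with a PAC bound to this key and context."""
    addr = pointer & ADDR_MASK
    return addr | (compute_pac(key, addr, modifier) << ADDR_BITS)


def authenticate_pointer(key: bytes, signed: int, modifier: int) -> int:
    """Kernel side, when the pointer comes back: recompute the PAC and compare.
    Returns the plain address on success; raises (models the crash) otherwise."""
    addr = signed & ADDR_MASK
    if (signed >> ADDR_BITS) != compute_pac(key, addr, modifier):
        raise PointerAuthError(f"PAC mismatch for {signed:#018x}")
    return addr


def is_rejected(key: bytes, signed: int, modifier: int) -> bool:
    """True if the kernel would refuse this pointer in this context."""
    try:
        authenticate_pointer(key, signed, modifier)
    except PointerAuthError:
        return True
    return False


if __name__ == "__main__":
    handle = sign_pointer(KERNEL_KEY, 0x00007FFFDEAD0000, modifier=1)  # constructed address
    print(f"handed to app: {handle:#018x}")
    for label, ptr, ctx in [("unchanged", handle, 1), ("retargeted", handle ^ 0x1000, 1),
                            ("PAC bit flipped", handle ^ (1 << ADDR_BITS), 1), ("other context", handle, 2)]:
        print(f"{label:16} -> {'rejected' if is_rejected(KERNEL_KEY, ptr, ctx) else 'accepted'}")
    print(f"a blind guess at the PAC succeeds with probability 1/{1 << PAC_BITS}")
```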

Products that are 7 years old are always obsoleted. There are legal and practical reasons for companies to do so. This might be good to keep in mind if it caught you by surprise.

I talked with @rmogull about this and from what he said, I decided it wasn’t even worth covering. It’s unclear just how hard a real exploit would be, it requires a physical attack with hardware, and regardless, there’s nothing users can do. Apple will have to mitigate in macOS.

And, as Rich said, it’s an ARM problem, not something specific to the M1.

2 Likes