APPLE users are on high alert as a security vulnerability with no solution has been unmasked.
The hack attacks the hardware of the device, meaning a software patch from Apple won’t fix it.
1
The scheme takes advantage of the “pointer authentication” techniques employed by Apple’s M1 computing chip.
Pointer authentication security tools flag code that has been maliciously altered.
It’s dependent on a digital signature called a Pointer Authentication Code (PAC) – wrongfully guessing a PAC will cause the computer to spazz and crash.
“The idea behind pointer authentication is that if all else has failed, you still can rely on it to prevent attackers from gaining control of your system,” MIT researchers told Digital Trends.
But a new hack opens a side channel where PACs can be guessed without raising security alarms.
Cybersecurity experts have dubbed the security vulnerability PACMAN.
“We’ve shown that pointer authentication as a last line of defense isn’t as absolute as we once thought it was,” researchers said.
But, for PACMAN to act out against users there needs to be a software vulnerability as well, the study authors told The Register in an email.
Most read in Tech
Apple responded to the security vulnerability.
“Based on our analysis as well as the details shared with us by the researchers, we have concluded this issue does not pose an immediate risk to our users and is insufficient to bypass operating system security protections on its own.”
Apple is keen to keep the lid on PACMAN as the M2 chip rolls out with new Macbooks.
The next generation of computing chips will power the Macbook Air that was unveiled at Apple’s WWDC.
