A team of MIT CSAIL researchers recently disclosed PACMAN, “a novel hardware attack that can bypass Pointer Authentication (PAC) on the Apple M1 CPU.” The attack uses speculative execution to circumvent ARM Pointer Authentication, a central memory-protection mechanism that guards the integrity of pointers.
What Is PACMAN and How Does It Affect Apple?
In essence, PACMAN is an exploitation technique that cannot be used on its own to compromise an operating system. “While the hardware mechanisms used by PACMAN cannot be patched with software features, memory corruption bugs can be,” the team noted.
The issue stems from pointer authentication codes, commonly known as PACs, a security feature of the arm64e architecture intended to detect unexpected changes to pointers. Put simply, a pointer is a value that holds a memory address, and a PAC is a short keyed signature stored in the otherwise unused upper bits of that pointer.
PACMAN has been described as a combined software and hardware attack. For the attack to work, it needs an existing software vulnerability, typically a memory read/write bug, which it turns into a more dangerous primitive; this could then lead to arbitrary code execution. To succeed, however, the attacker needs the correct PAC value for a particular victim pointer. This is accomplished by constructing a so-called PAC Oracle, the ability to tell whether a guessed PAC matches a given pointer, under these conditions:
- The PAC Oracle must never crash if an incorrect guess is supplied.
- We then brute force all possible PAC values using the PAC Oracle.
In other words, “the key insight of our PACMAN attack is to use speculative execution to stealthily leak PAC verification results via micro-architectural side channels,” as per the report.
In order to work, the attack relies on something the team dubbed PACMAN gadgets. These gadgets contain two operations:
- A pointer verification operation that speculatively verifies the correctness of a guessed PAC;
- A transmission operation that speculatively transmits the verification result via a micro-architectural side channel.
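The PAC oracle and brute-force step described above, as an added C model that is not code from the MIT CSAIL report or from Apple. It signs a pointer with a toy keyed mix in place of the hardware MAC, verifies it the way AUT does (a mismatch poisons the pointer so a later use faults, rather than trapping immediately), and then recovers the PAC by querying an oracle that never crashes. The PAC width, the toy mix, the victim key and the sample pointer are assumptions; the speculative execution and cache side channel are replaced by a function that simply returns the verification result, which is all the real oracle leaks.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Model parameters. Assumed for illustration, not the values of any real CPU. */
#define VA_BITS   48                              /* bits holding the address   */
#define PAC_BITS  16                              /* bits holding the PAC       */
#define VA_MASK   (((uint64_t)1 << VA_BITS) - 1)
#define PAC_MASK  (((uint64_t)1 << PAC_BITS) - 1)
#define POISON    ((uint64_t)1 << 63)             /* marks a failed AUT result  */

/* Toy keyed mix standing in for the hardware's keyed MAC. It is NOT a
 * cryptographic function; it only needs to be keyed and deterministic so
 * that signing and verification behave like PAC/AUT in this model. */
static uint64_t toy_mac(uint64_t key, uint64_t ptr, uint64_t ctx)
{
    uint64_t x = ptr ^ key ^ (ctx * 0x9E3779B97F4A7C15ULL);
    for (int i = 0; i < 4; i++) {
        x ^= x >> 29;
        x *= 0xBF58476D1CE4E5B9ULL;
        x ^= x >> 32;
    }
    return x;
}

/* PAC*: sign a raw pointer under a key and a context (modifier). */
uint64_t pac_sign(uint64_t key, uint64_t raw, uint64_t ctx)
{
    uint64_t pac = toy_mac(key, raw & VA_MASK, ctx) & PAC_MASK;
    return (raw & VA_MASK) | (pac << VA_BITS);
}

/* AUT*: verify and strip. A mismatch does not trap by itself; the hardware
 * corrupts the pointer so that a later dereference faults. Modelled with POISON. */
uint64_t pac_auth(uint64_t key, uint64_t signed_ptr, uint64_t ctx)
{
    uint64_t raw      = signed_ptr & VA_MASK;
    uint64_t expected = toy_mac(key, raw, ctx) & PAC_MASK;
    uint64_t got      = (signed_ptr >> VA_BITS) & PAC_MASK;
    return got == expected ? raw : (raw | POISON);
}

/* ---- victim side: the key is never handed to the attacker code below ---- */
const uint64_t victim_key = 0x0123456789ABCDEFULL;   /* assumed secret key */

/* Architectural use of a guessed pointer: AUT, then dereference. A wrong
 * guess poisons the pointer and the access faults, i.e. the victim crashes. */
bool victim_use_pointer(uint64_t guessed_ptr, uint64_t ctx)
{
    return (pac_auth(victim_key, guessed_ptr, ctx) & POISON) == 0;
}

/* PAC Oracle as the text defines it: says whether a PAC matches a pointer and
 * never crashes on a wrong guess. In PACMAN this bit is obtained from a
 * speculative AUT whose outcome is transmitted through a cache side channel;
 * here the verification result is returned directly. */
bool pac_oracle(uint64_t guessed_ptr, uint64_t ctx)
{
    return (pac_auth(victim_key, guessed_ptr, ctx) & POISON) == 0;
}

/* ---- attacker side: knows the raw pointer and context, not the key ---- */

/* Brute force every PAC value through the oracle. Returns the PAC that
 * verifies and stores the number of oracle queries in *queries. */
uint64_t brute_force_pac(uint64_t raw, uint64_t ctx, unsigned *queries)
{
    *queries = 0;
    for (uint64_t guess = 0; guess <= PAC_MASK; guess++) {
        uint64_t candidate = (raw & VA_MASK) | (guess << VA_BITS);
        (*queries)++;
        if (pac_oracle(candidate, ctx))
            return guess;
    }
    return UINT64_MAX;   /* unreachable: exactly one PAC value matches */
}

/* The same search without the oracle: every wrong guess is one victim crash.
 * Returns how many crashes precede the correct guess. */
unsigned crashes_without_oracle(uint64_t raw, uint64_t ctx)
{
    unsigned crashes = 0;
    for (uint64_t guess = 0; guess <= PAC_MASK; guess++) {
        uint64_t candidate = (raw & VA_MASK) | (guess << VA_BITS);
        if (victim_use_pointer(candidate, ctx))
            break;
        crashes++;
    }
    return crashes;
}

int main(void)
{
    uint64_t raw  = 0x0000000100004000ULL;   /* constructed victim pointer   */
    uint64_t ctx  = 0x42;                    /* constructed context/modifier */
    uint64_t real = pac_sign(victim_key, raw, ctx);
    unsigned q;
    uint64_t pac  = brute_force_pac(raw, ctx, &q);

    printf("real signed pointer : %016llx\n", (unsigned long long)real);
    printf("recovered PAC       : %04llx after %u oracle queries\n",
           (unsigned long long)pac, q);
    printf("forged == real      : %s\n",
           ((raw | (pac << VA_BITS)) == real) ? "yes" : "no");
    printf("crashes w/o oracle  : %u\n", crashes_without_oracle(raw, ctx));
    return 0;
}
```

The search space is only 2^PAC_BITS, so once the oracle exists the brute force is cheap; what normally makes it impractical is that each wrong guess crashes the victim, which is exactly the property the speculative oracle removes. The attacker code never touches `victim_key`; everything it learns comes through `pac_oracle`.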
Is PACMAN exploited in the wild? As far as the researchers are aware, there are no known active attacks. The team has been in talks with Apple since 2021.
Full technical disclosure of the attack is available in the original report [PDF].
M1RACLES Vulnerability Reported in May 2021
Last year, a vulnerability affecting the Apple Silicon M1 chip was discovered, known as M1RACLES and tracked as CVE-2021-30747. The flaw in the design of the M1 could enable any two applications running on the same OS to covertly exchange data without using memory, sockets, files, or any other normal operating system feature. This works between processes running as different users and at different privilege levels, creating a covert channel for surreptitious data exchange between cooperating processes.