News MIT Finds Apple M1 Vulnerability, Demos PACMAN Attack

Deleted member 1353997

Guest
Title: "MIT Finds Apple M1 Vulnerability"
Article: "MIT Computer Science & Artificial Intelligence Laboratory (CSAIL) scientists unveiled a new attack methodology that exploits a hardware vulnerability in Arm processors"

The bad faith is strong in this one.
 

PaulAlcorn

Managing Editor: News and Emerging Technology
Editor
Feb 24, 2015
> Title: "MIT Finds Apple M1 Vulnerability"
> Article: "MIT Computer Science & Artificial Intelligence Laboratory (CSAIL) scientists unveiled a new attack methodology that exploits a hardware vulnerability in Arm processors"
>
> The bad faith is strong in this one.

This was an error on my part. Out of an abundance of caution, I pointed out that this vulnerability should impact all newer Arm chips, as the pointer feature is in those versions. However, after speaking with the MIT researchers they emphasized that this is only proven to work on the Apple M1. I updated the text to reflect the new information.
 
Reactions: KyaraM

Elterrible

Distinguished
Nov 9, 2014
So, no memory corruption and no issue? If it literally is that simple, then I wouldn't call it an unpatchable flaw; if it were, it wouldn't need a second exploit to be vulnerable.
 

PaulAlcorn

Managing Editor: News and Emerging Technology
Editor
Feb 24, 2015
> So, no memory corruption and no issue? If it literally is that simple, then I wouldn't call it an unpatchable flaw; if it were, it wouldn't need a second exploit to be vulnerable.

The hardware vulnerabilities can't be patched in software. The PACMAN attack exploits a combination of both software and hardware vulnerabilities.
 

InvalidError

Titan
Moderator
> The hardware vulnerabilities can't be patched in software. The PACMAN attack exploits a combination of both software and hardware vulnerabilities.

Practically every hardware exploit that isn't an outright data leak relies on code weaknesses to some degree, which is why every side-channel exploit can be mitigated by re-arranging code to whiten its signature (ex.: add dummy code to balance out performance and memory accesses between data-dependent code paths) at the expense of performance.
 
Reactions: KyaraM
> Title: "MIT Finds Apple M1 Vulnerability"
> Article: "MIT Computer Science & Artificial Intelligence Laboratory (CSAIL) scientists unveiled a new attack methodology that exploits a hardware vulnerability in Arm processors"
>
> The bad faith is strong in this one.

The team used an Apple M1 processor as the demo chip for the exploit and tells us that it hasn't replicated it with other Arm processors.
 

missingxtension

Distinguished
May 31, 2009
Funny how I first read about this on a Mac site from Google News and they specifically stated (Mac site) that it can't be exploited remotely and was no concern. 🙉🙉
 

KyaraM

Admirable
So Apple is actively lying to their customers about the potential threat, especially if they claimed it cannot be exploited remotely. Good, one more reason to never buy their overpriced garbage. At least both Intel and AMD were honest about the severity of the issue back then.

I really hope the issue turns out to be confined to them, though. Considering how many Qualcomm or Samsung ARM processors are on the market in smartphones today, this feels like it could become a second Meltdown/Spectre situation, though there was a lot of overblown scare there, imho. It was still undeniably an issue, just like this could become one.