A team of researchers from MIT has managed to break through the so-called last line of defense of Apple's M1 chip, creating a security hole at the hardware level.
Researchers find irreparable bug in Apple computers
M1 chips are generally considered to be quite secure, despite a few vulnerabilities that have been discovered in the past. However, this particular issue stands out because it cannot be patched or otherwise updated. Since it is tied to the hardware, the only way to address it is to replace the chip.
The attack, dubbed “PACMAN” by the research team (there’s a reason for that), is able to bypass the M1’s Pointer Authentication defenses and leaves no evidence behind. The feature essentially attaches a cryptographic signature to pointers used in memory operations and checks that signature before the pointer can be used. These Pointer Authentication Codes (PAC) are designed to neutralize memory-corruption bugs before they can do significant damage.
A PACMAN attack attempts to guess the right code so that the chip treats a corrupted pointer as a legitimate one, in effect tricking it into thinking a bug isn’t a bug. And since the number of possible PAC values is finite, it’s not too hard to try all of them. The silver lining is that a PACMAN attack depends heavily on the specifics of its target. It has to know exactly what kind of bug it needs to let through, and it can’t compromise anything if there is no existing bug to push through Pointer Authentication.
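To make the mechanism above concrete, here is an added, simplified model of pointer authentication (not code from the researchers or from Apple): a keyed MAC over the pointer and a context value is stored in the unused upper bits, and a pointer whose PAC no longer matches is rejected. The 48-bit address space, 16-bit PAC and HMAC-SHA256 in place of the hardware's QARMA cipher are assumptions chosen for illustration.

```python
import hashlib
import hmac
from typing import Optional

# Constructed layout, not the M1's exact parameters: 48-bit virtual addresses,
# with the PAC carried in the 16 otherwise-unused top bits of a 64-bit pointer.
VA_BITS = 48
PAC_BITS = 64 - VA_BITS
ADDR_MASK = (1 << VA_BITS) - 1
PAC_MASK = ((1 << PAC_BITS) - 1) << VA_BITS


def compute_pac(addr: int, modifier: int, key: bytes) -> int:
    """Keyed MAC over (address, modifier), truncated to PAC_BITS.
    Hardware uses a block cipher; HMAC-SHA256 stands in here (assumption)."""
    msg = addr.to_bytes(8, "little") + modifier.to_bytes(8, "little")
    digest = hmac.new(key, msg, hashlib.sha256).digest()
    return int.from_bytes(digest[:8], "little") & ((1 << PAC_BITS) - 1)


def pac_sign(ptr: int, modifier: int, key: bytes) -> int:
    """Sign: embed the PAC in the upper bits of the pointer."""
    addr = ptr & ADDR_MASK
    return addr | (compute_pac(addr, modifier, key) << VA_BITS)


def pac_auth(signed_ptr: int, modifier: int, key: bytes) -> Optional[int]:
    """Authenticate: strip the PAC if it verifies, otherwise report failure.
    Real hardware yields a deliberately invalid pointer that faults on use;
    None plays that role in this model."""
    addr = signed_ptr & ADDR_MASK
    if (signed_ptr & PAC_MASK) >> VA_BITS != compute_pac(addr, modifier, key):
        return None
    return addr


def demo() -> dict:
    key = b"\x00" * 16            # constructed key; real keys sit in privileged registers
    ptr = 0x0000_7FFF_DEAD_BEE0   # constructed code pointer
    ctx = 0x0000_7FFF_FFFF_F000   # modifier, e.g. the stack pointer at signing time
    signed = pac_sign(ptr, ctx, key)
    corrupted = signed ^ 0x10     # a memory-corruption bug flips one address bit
    return {
        "valid": pac_auth(signed, ctx, key) == ptr,
        "corrupted_rejected": pac_auth(corrupted, ctx, key) is None,
        "wrong_context_rejected": pac_auth(signed, ctx + 0x100, key) is None,
        "pac_space": 1 << PAC_BITS,  # finite: 65536 codes, the weakness the text describes
    }
```

Because only PAC_BITS bits of MAC fit in the pointer, the number of distinct codes is small (65536 in this model), which is why the text calls the PAC space finite.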