On June 10, 2022, MIT’s Computer Science and Artificial Intelligence Laboratory (CSAIL) released a report outlining an unpatchable flaw with Apple’s popular M1 chip. Found in millions of MacBooks, iMacs, and iPads across the world, the Apple M1 chip has been a crucial part of the company’s ecosystem since 2020.

But what does this vulnerability mean, and are your Apple devices safe?

MIT Researchers Discover an Unpatchable Apple M1 Chip Vulnerability

Apple devices have several lines of defense to stop applications from running malicious code. The last defense is the M1 Chip’s Pointer Authentication mechanism, a hardware tool designed to detect changes in software code.

Pointer Authentication works by creating cryptographic signatures called Pointer Authentication Codes (PACs). When a piece of software runs, the M1 Chip checks the PAC it has stored to ensure that it matches the code presented by the software. The software will crash if the authentication fails, providing an excellent safety net alongside software security.

Is the Apple M1 Chip Flaw Dangerous?

Apple M1 chip

Named PACMAN by the MIT researchers that discovered it, this vulnerability exploits the M1 Chip’s PAC system by guessing the PAC for a piece of software. This is achievable with a hardware side channel that enabled the researchers to run through all possible pointer authentication values until they found the correct guess.

Unfortunately, as this is a hardware vulnerability and not a software one, there is little Apple can do to solve the problem besides recalling devices. This would be a much bigger problem if it weren’t for the other lines of defense Apple devices have in place.

The PACMAN attack will only be successful if a software vulnerability already exists on a system, something Apple takes very seriously.

Despite this, it would be wrong to say that PACMAN is harmless. If PACMAN gets used to bypass the Pointer Authentication on a device, there would be nothing left to stop an attacker from taking complete control of it. This is a worrying thought when considering the number of M1-equipped devices sold over the last couple of years.

The Impact of Apple’s M1 Chip Vulnerability

iPad next to Apple Pencil and Folio case

The Apple M1 Chip has been the company’s flagship SoC since 2020 and is only set to be replaced in July 2022. This means that all Apple MacBooks, iMacs, and iPads sold since 2020 with the M1 Chip have the vulnerability MIT discovered. This is a daunting prospect for consumers, though enterprises face more considerable risks.

More than 23% of enterprise users in the US use Apple devices in 2022, a stark contrast to a market that Microsoft once ruled. Businesses and other large organizations are favorable victims for attackers, as their large internal networks make it possible to carry out attacks with greater scope.

It is also harder to avoid software vulnerabilities in environments like this, especially when it comes to security updates.

Future Apple and ARM Processors

MacBook Air in hand

While the idea of a wide-scale Apple vulnerability can sound scary, MIT CSAIL researchers have made it clear that their concerns are about future hardware. Both Apple and ARM processors use Pointer Authentication for security, which is set to continue into the future.

As more devices with Pointer Authentication hit the market, the risk of exploits like this being used will only increase. Thankfully, both Apple and ARM have made statements to show that they are aware of the issue and are investigating affected products to ensure that they are secure.

Apple’s M1 Chip Vulnerability: Are Your Devices Safe?

In short, yes. Your devices are safe at the moment. It isn’t possible to stop the PACMAN exploit, as the issue is baked into the M1 Chip, but this doesn’t mean that your iPad or MacBook will stop working. PACMAN is only a problem if there are software vulnerabilities in place that allow the exploit to work. This is unlikely to occur unless users make mistakes.

Protecting Your Apple Devices Against PACMAN and Other Threats

iMac on desk with speakers

Apple devices are known to be easy to use. This extends to security across the ecosystem, but it is worth taking steps to keep your computer or tablet secure.

Update Your OS and Software

New software vulnerabilities are constantly being discovered, and companies like Apple release regular OS and software updates to stay on top of them. This is only effective if you install the updates for your Apple devices. If you're unsure how to keep your devices updated, here's our comprehensive guide to updating your Mac’s software and OS.

Use the App Store

MacBooks, iPads, and iMacs are equipped with the Apple App Store. The company has a range of security and quality standards that software must meet before it goes onto the store. This creates a safe environment for users to find the software that they want to use. Avoiding external software sources is an easy way to ensure that your Apple device is secure.

Creating Regular Backups

This won’t make your devices immune to PACMAN or other cyber threats, but it allows you to quickly get back on your feet if your machine is ever compromised. You must learn how to use the Time Machine app on your Apple devices to create backups for recovery.

Apple M1 Chip Unpatchable Flaw

Any hardware vulnerability should be taken seriously, especially with components as common as Apple’s M1 SoC. Apple, ARM, MIT, and other groups are working on researching the PACMAN flaw to ensure that it doesn’t come back to bite us in the future.

You will be able to learn more about MIT’s findings on June 18 at the International Symposium on Computer Architecture.