2022: High-End Chips Shortages Paired with Security Flaw Leave MacBooks Vulnerable
There has been an uptick in retail sales of the MacBook, and those who recently purchased one should be aware of a flaw in its system. MIT discovered that the Pointer System used to protect chips from hackers can be breached.
MIT Computer Science & Artificial Intelligence Laboratory (CSAIL) scientists revealed in a recent paper a vulnerability in what they call the “last line of security” for the M1 chip. The flaw could theoretically give bad actors a door to gain full access to the core operating system kernel.
Fortunately, M1 Mac owners don’t need to worry about having their sensitive data stolen. The MIT team says if your system is under attack, it needs to have an existing memory corruption bug. As such, the scientists say there is “no cause for immediate alarm.”
For its part, Apple thanked the researchers in a statement to TechCrunch but emphasized that the “issue” doesn’t pose an immediate risk to MacBook owners.
“We want to thank the researchers for their collaboration as this proof of concept advances our understanding of these techniques,” Apple said. “Based on our analysis as well as the details shared with us by the researchers, we have concluded this issue does not pose an immediate risk to our users and is insufficient to bypass operating system security protections on its own.”
Getting to the Point
As mentioned, Apple uses pointer authentication on all of its ARM-based chips, including the M1, M1 Pro, and M1 Max. MIT said it hasn’t tested this attack on the recently revealed M2 processor set to power the new MacBook Air and MacBook Pro 13. Qualcomm and Samsung have either announced or are set to ship processors that use the security feature.
Author Philip Tracey offers some details about how pointer authentication actually works and how it can be compromised. His information in the article requires some advanced technical training to fully understand which part of this story is meant to be alarming and which part is reassuring when it comes to newer MacBooks.
This statement doesn’t make it any easier to feel secure.
“The idea behind pointer authentication is that if all else has failed, you still can rely on it to prevent attackers from gaining control of your system. We’ve shown that pointer authentication as a last line of defense isn’t as absolute as we once thought it was,” said MIT CSAIL Ph.D. student Joseph Ravichandran and co-lead author of the paper.
read more at gizmodo.com