Uncovered by a team at MIT CSAIL, PACMAN is a new vulnerability affecting a defense mechanism available in Apple Silicon processors and known as pointer authentication code (PAC). While Apple downplayed the severity of the finding, the researchers argue that PACMAN opens up an entirely new class of attacks.
Pointer authentication is a hardware mechanism available on recent ARM-based processors, including Apple's, whose goal is to detect and block unexpected changes to pointers stored in memory.
Pointer authentication works by providing special CPU instructions that compute a cryptographic signature, the PAC, from the pointer value, a secret key held by the hardware, and a context value (the modifier, often the stack pointer or the address of the enclosing object), and that store this signature in the unused high-order bits of the pointer before the pointer is written to memory. A matching instruction strips and verifies the signature after the pointer is read back.
This makes it possible to detect that the value was tampered with between the write and the read: if the signature does not match, the authenticate instruction yields an invalid pointer, so the next use of it faults and the program crashes. An attacker who corrupts a pointer therefore also has to supply a valid PAC for the forged value, which requires either the key or a correct guess, and every wrong guess crashes the process.
According to the paper by Ravichandran et al., PACMAN makes it possible to speculatively leak PAC verification results via microarchitectural side channels without causing any crashes: the attacker has the CPU authenticate a guessed PAC only along a mis-speculated path, where a failed check has no architectural effect, and then uses a timing side channel to observe whether the guess was accepted. Furthermore, the attack works across privilege levels, so an unprivileged user-space process can brute-force the PAC of a kernel pointer.
For PACMAN to pose a real threat, though, it relies on an existing software-level memory-corruption bug. In other words, since PAC is a line of defense against memory tampering, PACMAN does not by itself give you a way to overwrite a pointer; it removes the safety net. If you already have a bug that lets you overwrite a signed pointer in memory, PACMAN lets you find the correct PAC for your forged value without the crash that a wrong guess would otherwise cause, so the CPU no longer detects the tampering.
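To make the two halves of the story concrete, the following C program is an added illustration (not code from the paper, Apple, or Arm) that models pointer authentication as described above and then the PACMAN-style crash-free brute force. It assumes 48-bit virtual addresses with a 16-bit PAC in bits 48..63, substitutes a small keyed mixing function for the real block cipher, and models the speculative side channel as an oracle that simply reports whether a guess authenticates; the names pac_sign, pac_auth, speculative_guess_ok and pacman_bruteforce are hypothetical, and the pointer and key values are constructed.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Toy model of ARMv8.3 pointer authentication and of the PACMAN oracle.
 * Added illustration, not Apple's or Arm's implementation. Assumptions:
 * 48-bit virtual addresses, a 16-bit PAC stored in bits 48..63, a small
 * mixing function standing in for the real block cipher (QARMA in Arm's
 * reference design), and a per-process secret key the attacker never sees. */

#define VA_BITS   48
#define PAC_BITS  16
#define VA_MASK   ((1ULL << VA_BITS) - 1)
#define PAC_MASK  (((1ULL << PAC_BITS) - 1) << VA_BITS)
#define POISON    (1ULL << 62)   /* error bit set on failed authentication */

typedef struct { uint64_t k0, k1; } pac_key_t;

/* Keyed mixing function, truncated to PAC_BITS. Deliberately NOT a real
 * cipher: it only models "PAC = f(key, pointer, modifier)". */
static uint64_t toy_mac(uint64_t ptr, uint64_t modifier, pac_key_t key) {
    uint64_t x = (ptr & VA_MASK) ^ key.k0;
    uint64_t y = modifier ^ key.k1;
    for (int i = 0; i < 4; i++) {
        x = (x ^ y) * 0x9E3779B97F4A7C15ULL;
        x ^= x >> 29;
        y = (y << 13) | (y >> 51);
        y += x;
    }
    return (x ^ (x >> 32)) & ((1ULL << PAC_BITS) - 1);
}

/* Models PACIA/PACDA: sign the pointer by writing the PAC into its unused
 * high bits. The modifier (often the stack pointer or an object address)
 * binds the signature to a context so a PAC cannot be replayed elsewhere. */
uint64_t pac_sign(uint64_t ptr, uint64_t modifier, pac_key_t key) {
    return (ptr & VA_MASK) | (toy_mac(ptr, modifier, key) << VA_BITS);
}

/* Models AUTIA/AUTDA: recompute the PAC and compare. On success return the
 * canonical address; on failure return a non-canonical address with the
 * error bit set, so the first dereference faults and the process crashes. */
uint64_t pac_auth(uint64_t signed_ptr, uint64_t modifier, pac_key_t key) {
    uint64_t ptr = signed_ptr & VA_MASK;
    uint64_t got = (signed_ptr & PAC_MASK) >> VA_BITS;
    if (got == toy_mac(ptr, modifier, key)) return ptr;
    return ptr | POISON;
}

bool pac_failed(uint64_t ptr) { return (ptr & POISON) != 0; }

/* PACMAN's oracle. Architecturally, authenticating a wrong guess poisons the
 * pointer and the next use crashes. In the attack the authentication runs
 * only on a mis-speculated path, so the poisoned result is never committed,
 * yet a correct guess leaves a trace (a TLB/cache fill) that timing reveals.
 * The hardware holds the key; this model lets the oracle hold it too, and
 * the attacker code below never touches it. */
typedef struct { uint64_t target, modifier; pac_key_t key; } hw_t;

static bool speculative_guess_ok(const hw_t *hw, uint64_t guess) {
    uint64_t forged = (hw->target & VA_MASK) | (guess << VA_BITS);
    return !pac_failed(pac_auth(forged, hw->modifier, hw->key));
}

/* Attacker side: enumerate PAC values, crash-free, until the oracle fires.
 * Returns the correctly signed forged pointer; *attempts counts guesses. */
uint64_t pacman_bruteforce(const hw_t *hw, unsigned *attempts) {
    *attempts = 0;
    for (uint64_t guess = 0; guess < (1ULL << PAC_BITS); guess++) {
        (*attempts)++;
        if (speculative_guess_ok(hw, guess))
            return (hw->target & VA_MASK) | (guess << VA_BITS);
    }
    return 0;  /* not reached: exactly one guess matches */
}

int main(void) {
    pac_key_t key = { 0x0123456789ABCDEFULL, 0xFEDCBA9876543210ULL };
    uint64_t fn = 0x00007FFF12345678ULL;   /* constructed code pointer */
    uint64_t sp = 0x000000016FDFF000ULL;   /* constructed modifier (stack) */

    uint64_t signed_fn = pac_sign(fn, sp, key);
    printf("signed   : %016llx\n", (unsigned long long)signed_fn);

    /* A memory-corruption bug overwrites the pointer with attacker data;
       without the right PAC, authentication poisons it. */
    uint64_t evil = 0x00007FFFDEADBEE0ULL;
    uint64_t naive = (signed_fn & PAC_MASK) | evil;  /* reuse the old PAC */
    printf("naive forgery poisoned: %d\n", pac_failed(pac_auth(naive, sp, key)));

    /* With PACMAN, the attacker recovers the right PAC for the forged target. */
    hw_t hw = { evil, sp, key };
    unsigned n;
    uint64_t forged = pacman_bruteforce(&hw, &n);
    printf("forged   : %016llx after %u guesses, accepted: %d\n",
           (unsigned long long)forged, n, !pac_failed(pac_auth(forged, sp, key)));
    return 0;
}
```

The point of the model is the asymmetry it exposes: with only 16 PAC bits, the search space is tiny, and the only thing standing between an attacker with a write primitive and a valid forged pointer is that each wrong guess normally terminates the process. Once the check can be run speculatively and its outcome read through a side channel, the enumeration in pacman_bruteforce finishes in at most 65536 attempts without a single crash.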
As mentioned, Apple somewhat downplayed the relevance of this vulnerability. In a statement to Tom's Hardware, an Apple spokesperson said "this issue does not pose an immediate risk to our users and is insufficient to bypass operating system security protections on its own." Still, as the researchers point out, PACMAN hints at a new category of vulnerabilities:
We believe that this attack has important implications for designers looking to implement future processors featuring Pointer Authentication, and has broad implications for the security of future control-flow integrity primitives.
PACMAN is not the first vulnerability found in Apple Silicon processors. Recently, researchers at the University of Illinois Urbana-Champaign, the University of Washington, and Tel Aviv University described Augury, an attack that leaks data at rest on the A14 and the M1 family of processors. Augury targets another novel optimization mechanism available in modern processors, the data memory-dependent prefetcher (DMP), which can be induced to dereference, and thereby leak, pointers lying beyond the bounds of the array whose contents it is prefetching.