While Apple’s M1 processors have helped Macs reach new performance heights, several reports have highlighted potential security issues with the acclaimed system-on-a-chip. The latest such report came from MIT CSAIL, where researchers found a way to bypass the so-called “last line of security” on the M1 SoC.
MIT CSAIL found that the M1’s implementation of pointer authentication can be bypassed with a hardware attack the researchers developed. Pointer authentication is a security feature that helps protect the CPU from an attacker who has gained access to memory. Pointers store memory addresses, and a pointer authentication code (PAC) checks for unexpected pointer changes caused by an attack. In their research, MIT CSAIL created “PACMAN”, an attack that can find the correct value to pass pointer authentication, so the attacker can continue accessing the computer.
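A toy model of the sign-and-check step described above, as an added example that is not from the article or the MIT paper. The 48-bit address, 16-bit PAC width, mixing function, key and addresses are all assumptions chosen for illustration.

```c
#include <stdint.h>
#include <stdio.h>

/* Toy model: 48-bit address, 16-bit PAC in the unused upper bits. Widths and
   the mixing function are assumptions; real hardware uses a dedicated cipher
   with keys held in CPU registers. */
#define VA_BITS 48
#define VA_MASK ((1ULL << VA_BITS) - 1)

/* Keyed mixer standing in for the hardware MAC (not cryptographically strong). */
static uint16_t toy_mac(uint64_t addr, uint64_t ctx, uint64_t key) {
    uint64_t x = (addr & VA_MASK) ^ (ctx * 0x9E3779B97F4A7C15ULL) ^ key;
    x ^= x >> 33; x *= 0xFF51AFD7ED558CCDULL;
    x ^= x >> 33; x *= 0xC4CEB9FE1A85EC53ULL;
    return (uint16_t)(x ^ (x >> 33));
}

/* Sign: store the PAC in the upper 16 bits of the pointer. */
uint64_t pac_sign(uint64_t ptr, uint64_t ctx, uint64_t key) {
    return (ptr & VA_MASK) | ((uint64_t)toy_mac(ptr, ctx, key) << VA_BITS);
}

/* Authenticate: 1 and the usable address on a match, 0 otherwise. (Real
   hardware returns an invalid pointer that faults when dereferenced.) */
int pac_auth(uint64_t sp, uint64_t ctx, uint64_t key, uint64_t *out) {
    if ((uint16_t)(sp >> VA_BITS) != toy_mac(sp, ctx, key)) return 0;
    *out = sp & VA_MASK;
    return 1;
}

/* Count how many of the 2^16 possible PAC values pass for one address. */
unsigned count_accepted_pacs(uint64_t addr, uint64_t ctx, uint64_t key) {
    unsigned n = 0; uint64_t out;
    for (uint64_t pac = 0; pac < (1ULL << 16); pac++)
        n += (unsigned)pac_auth((addr & VA_MASK) | (pac << VA_BITS), ctx, key, &out);
    return n;
}

int main(void) {
    uint64_t key = 0x0123456789ABCDEFULL, ctx = 0x7FFE0010, out = 0; /* constructed */
    uint64_t good = pac_sign(0x100004000ULL, ctx, key);
    /* A memory-corruption bug rewrites the address bits; the old PAC stays. */
    uint64_t bad = (good & ~VA_MASK) | 0x100008000ULL;
    printf("original passes: %d\n", pac_auth(good, ctx, key, &out));
    printf("tampered passes: %d\n", pac_auth(bad, ctx, key, &out));
    printf("PAC values accepted for the new address: %u of 65536\n",
           count_accepted_pacs(0x100008000ULL, ctx, key));
    return 0;
}
```

In this model exactly one of the 65,536 candidate values passes for a given address, so the protection depends on a wrong value causing a fault rather than on the value being hard to enumerate.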
Joseph Ravichandran of MIT CSAIL, co-author of a paper explaining PACMAN, said in the MIT paper: “When pointer authentication was introduced, a whole category of bugs suddenly became a lot harder to exploit. Because PACMAN makes these bugs more severe, the overall attack surface can be much larger.”
According to MIT CSAIL, because the PACMAN attack involves a hardware device, a software patch will not solve the problem. It is a broader problem with Arm processors that use pointer authentication, not just the Apple M1. “Future CPU designers should take care of this attack while building the secure systems of tomorrow,” wrote Ravichandran. “Developers should take care not to rely solely on pointer authentication to secure their software.”
Last Monday, Apple announced the M2 chip at its WWDC keynote; it is the next-generation successor to the M1 series. An MIT spokesperson confirmed to Macworld that the M2 has not been tested for this vulnerability.
Since PACMAN requires a hardware device, the hacker must have physical access to the Mac, which limits how PACMAN can be carried out. But as a technology demo, PACMAN shows that pointer authentication is not completely secure and should not be fully relied upon by developers.
MIT CSAIL plans to present a report at the International Symposium on Computer Architecture on June 18th. Apple has not commented publicly, but it is aware of the MIT CSAIL findings. (Researchers usually share their results with interested firms before public disclosure.)
PACMAN is the latest security issue found in the M1. In May, researchers from the University of Illinois at Urbana-Champaign, the University of Washington, and Tel Aviv University discovered a prediction error. Last year, developer Hector Martin discovered the M1RACLES vulnerability. However, these deficiencies were considered harmless or did not pose a serious threat.