The Apple M1 PACMAN vulnerability.

In this video I discuss the PACMAN vulnerability, which is present on all M1 Macs. It allows bypassing pointer authentication and exploiting the kernel if vulnerable software is running on the system.

₿💰💵💲Help Support the Channel by Donating Crypto💲💵💰₿
and be sure to click that notification bell so you know when new videos are released.
Comments

As someone with a background in hardware, that paper was an incredibly interesting read. Not only did they exploit advanced processor features such as the branch prediction system and TLBs, but they reverse engineered the memory hierarchy and TLB hierarchy to get the necessary data to perform the attack. I'm sure Apple is very happy about this paper's existence!

snowcoalRC

From an article: "PACMAN does not attack Apple M1; it attacks a security mechanism in ARM, introduced in ARMv8.3. They have employed the Apple M1 processor, but it is very likely that many other ARMv8-based processors will have the same limitation."

CerdurTV

Got to love those stock images of hackers with a whole file of HTML and inline CSS opened.

Alexbl

"Pretty nasty stuff to the system"... proceeds to show some minified CSS code. Nasty stuff, indeed, but not to the system.

tokahuke

I was very afraid that this was gonna be a security vulnerability in the Arch pacman.

ammyvl

"...If you can make a pointer point to something that it isn't supposed to, then you can start doing some nasty stuff to that system..."

** displays css rules on the screen **
Every web-dev watching this: "He is right you know"

ibollanos

Bro I swear to god there are more 0days than updates these days.

cd-yxnv

Apple moved up from planned obsolescence to unplanned privilege escalation.

Noteclip

When they hack your Mac, just buy another Mac. That thing was more than three months old anyway

henrymach

One *misunderstanding* most people here seem to have is that this specific vulnerability somehow makes their systems "more insecure" than they already are. Which is not the case at all.

PAC was introduced as an "additional security measure" to prevent unauthorised pointer manipulation, and this vulnerability only renders that particular security measure useless.
But "that particular security measure" isn't there in other older systems to begin with, nor would it have existed in the newer ones if it hadn't been introduced in the first place.

Think of it as a shield: any processor that incorporates PAC has that shield, but the ones that don't incorporate it don't have that shield in the first place. PAC being bypassed only makes the former processor lose that shield, which in turn makes it as secure as any other processor. But not "less secure".

So at the end of the day, M1s are still much more secure than the older ones, and PAC could still protect them if the exploit doesn't incorporate this particular bypass method.

Also, the PAC framework was implemented in ARMv8.3, and Apple simply uses ARM for their processors. Another thing is that any OS out there nowadays uses ASan or SAFECode, which are software-based sanitizers that do prevent control flow and similar vulnerabilities that make use of pointers. And macOS uses ASan. So any exploit will first need to bypass those.

wrockd

I love how you used the soyjak pointing to represent pointers lol. Programmer humor at its finest.

DexieTheSheep

Glad to see more videos coming out consistently. Great content

zacwesleybrown

The endless pointing wojacks had me dying laughing

Jtarcz

Nice, someone who links to the paper in the description. This is not common enough on YouTube.

cherubinth

Perhaps PACMAN stands for Pointer AuthentiCation MANipulation.

qwe

Nice to see this duck channel branching out into tech 👍

macktheripper

It's not a vulnerability in pacman; thank god it's just an issue in an Apple device.

I can live with that.

toobig

1:10. You're right, CSS is some nasty stuff.

zx

4:44 sounds like a way to jailbreak your macOS if I'm picking that up right.

xiaowong

I was at ISCA 2022 where they presented the paper, and it was unanimously considered to be the best presentation of all the computer security ones. It was a really fun experience.

soulysouly