Pointer Authentication is a mechanism available on ARM-based processors, including Apple's, that aims to detect and protect against unexpected changes to pointers in memory.

Pointer authentication works by offering a special CPU instruction that adds a cryptographic signature, the pointer authentication code (PAC), to the unused high-order bits of a pointer before the pointer is stored. Another instruction strips and validates the signature after the pointer is read back from memory.
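The sign-before-store and authenticate-after-load cycle just described, as an added illustration that is not code from this article or from ARM or Apple: a small C model in which a keyed mixing function stands in for the hardware's QARMA-based MAC and hidden key registers. The 48-bit address layout (PAC in bits 63..48), the key values, the sample pointer and the stack-pointer modifier are all constructed for the example.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Software model of ARMv8.3 pointer authentication (PAC), added here as an
 * illustration. It is not ARM's or Apple's implementation: real hardware
 * derives the PAC with a QARMA-based MAC keyed from registers the program
 * cannot read; a small keyed mixing function stands in for that MAC so the
 * model runs on any machine. The layout (48-bit virtual addresses, PAC in
 * bits 63..48) is an assumption chosen for the example. */

#define VA_BITS   48
#define PTR_MASK  ((1ULL << VA_BITS) - 1)   /* address bits          */
#define PAC_MASK  (~PTR_MASK)               /* bits carrying the PAC */
#define POISON    (1ULL << 62)              /* marks a failed AUT    */

typedef struct { uint64_t k0, k1; } pac_key;

/* Keyed mix of (address, modifier) truncated to the 16 PAC bits.
 * Stand-in for the hardware MAC; NOT a cryptographic construction. */
static uint64_t pac_mac(uint64_t addr, uint64_t modifier, const pac_key *key) {
    uint64_t x = addr ^ key->k0;
    x ^= modifier * 0x9E3779B97F4A7C15ULL;
    x ^= x >> 31; x *= 0xBF58476D1CE4E5B9ULL;
    x ^= x >> 27; x *= 0x94D049BB133111EBULL;
    x ^= key->k1;
    x ^= x >> 33;
    return x >> VA_BITS;
}

/* PAC* instruction: sign a canonical pointer before it is stored.
 * The modifier binds the signature to a context (e.g. the stack pointer
 * when a return address is signed). */
uint64_t pac_sign(uint64_t ptr, uint64_t modifier, const pac_key *key) {
    uint64_t addr = ptr & PTR_MASK;
    return addr | (pac_mac(addr, modifier, key) << VA_BITS);
}

/* AUT* instruction: verify and strip the PAC after the pointer is read back.
 * On mismatch hardware returns a non-canonical pointer, so any later
 * dereference faults; modelled here by setting POISON and reporting failure. */
uint64_t pac_auth(uint64_t signed_ptr, uint64_t modifier, const pac_key *key, bool *ok) {
    uint64_t addr = signed_ptr & PTR_MASK;
    uint64_t got  = (signed_ptr & PAC_MASK) >> VA_BITS;
    if (got == pac_mac(addr, modifier, key)) { *ok = true;  return addr; }
    *ok = false;
    return addr | POISON;
}

/* Corruption model: flip each address bit of the stored, signed pointer in
 * turn (what a write-after-sign memory bug would do) and count how many of
 * those edits AUT rejects. With a 16-bit PAC a forged value passes with
 * probability 1/65536, so this normally returns nbits. */
int count_detected_flips(uint64_t signed_ptr, uint64_t modifier, const pac_key *key, int nbits) {
    int detected = 0;
    for (int b = 0; b < nbits; b++) {
        bool ok;
        pac_auth(signed_ptr ^ (1ULL << b), modifier, key, &ok);
        if (!ok) detected++;
    }
    return detected;
}

int main(void) {
    const pac_key key = { 0x0123456789ABCDEFULL, 0xFEDCBA9876543210ULL }; /* constructed */
    uint64_t ret_addr = 0x0000000100004A20ULL;   /* constructed sample pointer */
    uint64_t sp       = 0x000000016FDF0000ULL;   /* modifier: constructed SP */
    bool ok;

    uint64_t stored = pac_sign(ret_addr, sp, &key);
    printf("signed  : 0x%016llx\n", (unsigned long long)stored);

    uint64_t back = pac_auth(stored, sp, &key, &ok);
    printf("auth    : 0x%016llx %s\n", (unsigned long long)back, ok ? "ok" : "FAIL");

    /* The stored pointer's low byte is changed without knowledge of the key. */
    pac_auth(stored ^ 0xC0, sp, &key, &ok);
    printf("tampered: %s\n", ok ? "accepted" : "rejected");

    printf("detected %d/%d single-bit edits\n",
           count_detected_flips(stored, sp, &key, VA_BITS), VA_BITS);
    return 0;
}
```

The model makes two points concrete: the signature lives in bits the address itself never uses, so a correctly signed pointer round-trips unchanged through `pac_sign` and `pac_auth`, and a modification of the stored value is rejected with probability 1 - 1/65536 per attempt, which is why the verification result itself, rather than the pointer bits, is what a defender must assume an attacker wants to learn.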

This mechanism makes it possible to detect when a pointer has been tampered with between the write and the read by checking the signature. If the signature is invalid, the CPU treats the value as corrupt and raises a fault that crashes the program. According to a paper by Ravichandran et al., a new attack methodology, PACMAN, speculatively leaks the result of PAC verification through microarchitectural side channels without triggering a fault. In addition, the attack works across privilege levels, allowing an unprivileged user to reach the kernel address space of the operating system.

For PACMAN to be a real threat, however, it must rely on an existing software-level memory corruption bug. In other words, since PAC is a line of defense against memory corruption, if you have a bug that lets you access a memory location and modify its contents after it has been written, then you can use PACMAN to avoid the CPU detecting the corruption and crashing the program.

As mentioned, Apple has somewhat downplayed the importance of this vulnerability. In a statement to Tom's Hardware, an Apple spokesman said: "This issue does not pose an immediate risk to our users and is insufficient to bypass operating system security protections on its own." However, as the researchers point out, PACMAN suggests a new category of vulnerabilities:

We believe that this attack has significant implications for designers wishing to implement future processors with pointer authentication and has far-reaching implications for the security of future control-flow integrity primitives.

PACMAN is not the first vulnerability found in Apple Silicon processors. Recently, researchers at the University of Illinois at Urbana-Champaign, the University of Washington and Tel Aviv University described Augury, an attack that leaks data at rest on the A14 and the M1 family of processors. Augury targets another new optimization feature of state-of-the-art processors, the data memory-dependent prefetcher (DMP), which can read out-of-bounds memory locations when prefetching data that belongs to an array.