Apple M1 Pacman Vulnerability

People here probably already know, but I thought I would share it. I kind of find it hilarious @wendell is always on about Apple's, putting it nicely, lackluster engineering. I figure you might get a chuckle out of it.


Thing is, this is a last line of defence that x86 or other platforms don’t even have.

If you get to this element in the architecture, you’ve already owned x86, x64, etc.

I don’t think the engineers did their work poorly. The new fad is speculative attacks aimed at poisoning data in memory.

This is what got AMD and Intel scrambling for a solution when the Spectre and Meltdown vulnerabilities were discovered. I'm sure the M1 predates those vulnerabilities, so the engineers didn't really have time to test whether their architecture had the same issues.

Well, now they know it does.


It’s possible, I’m just a bit of a cynic towards apple at this point.


It's part of the ARM v8.3 instruction set; Apple are just the first to include it.

Maybe be less desperate to pile on “just because”

I think that we should start to distinguish between poor business practices and poor engineering. Even if we’re talking about Apple.

In this case, to me, it’s clearly not poor engineering. Everything is flawed and I’m sure that, with enough time, we could find dozens of vulnerabilities everywhere.


I don't know if I fully agree with the others in giving Apple a pass.

Spectre and Meltdown were known about for years by the time the M1 released. Yes, building an arch takes years, but in that time they would have known that they were using these same flawed practices and watched them get exploited massively and publicly.

At that point they can't do anything about it in silicon, but they could have been working on hardening it against these very attacks that they knew were coming, and yet didn't.

It seems like hubris to me that they would have known this was coming, granted too late to change in hardware, but a known problem that will have to be patched, and they just kind of didn't bother trying from the look and sound of the reports.

Instead they did the thing and said “50% performance increase, x86 is dead” while I readily pointed out 50% increase does not happen without many corners being cut somewhere.

They knew this could and likely would happen as an inevitability, due to what they designed being flawed and known about for years at that point, and decided to stay quiet for the PR side of it... And here we are now and they look like morons.


To be clear, this is not a vulnerability that makes M1 or ARM more vulnerable than x86. It is a weakness in the pointer authentication which x86/x64 does not even have. And it isn’t Apple that developed it; it’s part of ARM v8.3 - coming to android devices near you soon.

You can't just exploit a machine with this. Once you exploit it to execute arbitrary code via some other method, this is an additional hoop ARM v8.3 PAC presents that is not even a thing to jump through on other platforms.

This is not an "I'm going to own an M1 just using this exploit". It is not the same as Spectre or Meltdown.


This I have to agree on. But we cannot expect transparency from big companies that live and die by their investors.

The attack has the same goal, but it works in a completely different way. Knowing about Spectre and Meltdown can't help you if you're working with a totally different base architecture. And they're not even doing all the work, just like thro said. They're licensing the bulk of the project from ARM, so it's their fault, if we must point fingers.

Intel and AMD have fewer excuses because they built their architectures from the ground up on their own.

Yeah. It's like street racers saying their car is faster than a Ferrari, but they're riding in a stripped-out Honda Civic with the exhaust out the hood.


Corners aren’t being cut.

As above, this “vulnerability” is in pointer access control.

Which is a feature x86/x64 does not even have. It's a vulnerability in an additional layer of security that no other platform currently has. So... even if this was 100% broken, it is no less secure than x86/x64.

I'm going to be honest, I didn't want this topic to go this deep. My opinion on Apple is not going to change due to their behavior around Right to Repair, and a lot of the other stuff such as sticking with Lightning. And yeah, they are dipping their toes in making changes now, but those changes should have been made long ago. I was going to say something along the lines of what @Zibob said, but I didn't want to start an argument with people who might still enjoy Apple products (I thought I would just end it with "I'm a cynic, W/E").

The Spectre/Meltdown vulnerabilities were discovered around 2018, but they affected chips all the way back to 2012 if I recall off the top of my head; 6 years without it being discovered vs 1 looks pretty bad. We can debate the technical aspects of this here, but people who like to do this are not the average consumer who would be buying an Apple product. When anything is designed I feel as though known issues with the solution (in this case a CPU) should be taken into consideration. I feel like the M1 was rushed; if they had considered this new(ish) form/method/goal of attack, they may have looked more into it. Maybe I'm a bit paranoid, but I'm the type that when I do/make something I try to consider the worst possible outcomes and plan around them (which is probably unrealistic for a company with projected timelines and trying to keep the shareholder zombies happy).

I am unfamiliar with M1 systems, but I want to point out that the above-mentioned x86/x64 issues can be mitigated by disabling speculative processing in the BIOS. IDK if you have the capability on M1 devices to disable what is being exploited. I also want to add that there is concern this will be an issue in the M2 devices.


I forget the names, but there was some researcher flagging those up as big scary potential issues years back; it turned out afterwards he had the process in thought but not in reality, and sure enough it came to be. While it only became an issue relatively recently, the issue has been recognised, though not exploitable, for a very long time.

Isn’t AMD SME accomplishing the same thing that ARM pointer authentication is supposed to be doing and more?

So basically you posted a thread to hang shit on them based on a vulnerability you don’t understand, simply because you don’t like them as a company.

got it

Slightly different.

AMD is using encrypted memory; the PAC in the M1/other ARM v8.3 chips is basically using the upper bits of 64-bit pointers as a cryptographic hash of what the 48 bits of the pointer should be (because 64 bits of address space is way more than we need; even 48 bits is more than we need at the moment).

The idea being that if a pointer is somehow modified by a rogue process that doesn't have the key, the upper bits won't be set appropriately; then the OS will determine the pointer doesn't match its hash and terminate the application immediately.

The issue Apple has is they are using 48 bits of the 64-bit pointer for addressing and only the upper 16 bits for the crypto hash, which it turns out is possible to determine via a side channel.

Again, this is something other platforms are not doing. So if PAC is completely 100% broken, we're back to the base level of security of other platforms. I.e., this new feature in ARM has had a flaw discovered.

You can't directly own a machine via PACMAN, but if you have malicious code already running it is possible for it to circumvent this additional protection (to help escalate from, say, user space to system, assuming you already have an exploit for that), so far in a lab scenario.

This is entirely NOT what PACMAN / PAC vulnerability is.

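The "48 address bits plus 16 bits of keyed hash" layout in the post above, and the earlier point that PAC is an extra hoop rather than a way in, can be made concrete with a small simulation. This is an added example, not code from the thread, from Apple or from ARM: the keyed function is a toy stand-in for the QARMA block cipher real hardware uses, the bit layout is the simplified split the post describes (real arm64 reserves some of the upper bits for other purposes), the "error bit" set on a failed check is a simplification of the hardware's actual encoding, and the key, return address and stack-pointer modifier are constructed values.

```c
#include <stdint.h>
#include <stdbool.h>
#include <stdio.h>

/* Simplified pointer layout assumed here: 48-bit virtual address, PAC in the
 * top 16 bits. */
#define VA_BITS   48
#define ADDR_MASK ((1ULL << VA_BITS) - 1)
#define PAC_MASK  (~ADDR_MASK)
#define PAC_BITS  16
/* Set on a failed authentication so a later dereference faults; a stand-in
 * for the non-canonical address real hardware produces. */
#define ERR_BIT   (1ULL << 62)

/* Toy keyed PRF (a 64-bit mixer) standing in for QARMA. Deterministic, fast,
 * and NOT cryptographically secure; it only has to be unpredictable without
 * the key for the purpose of this demo. */
static uint64_t toy_prf(uint64_t key, uint64_t x)
{
    uint64_t h = x ^ key;
    h ^= h >> 33; h *= 0xff51afd7ed558ccdULL;
    h ^= h >> 33; h *= 0xc4ceb9fe1a85ec53ULL;
    h ^= h >> 33;
    return h ^ key;
}

/* 16-bit tag over (address, modifier). The modifier (e.g. the stack pointer
 * when signing a return address) binds the signature to one context, so a
 * validly signed pointer lifted from elsewhere does not verify here. */
static uint64_t compute_pac(uint64_t key, uint64_t addr, uint64_t modifier)
{
    uint64_t h = toy_prf(key ^ (modifier * 0x9E3779B97F4A7C15ULL), addr & ADDR_MASK);
    return (h >> (64 - PAC_BITS)) & ((1ULL << PAC_BITS) - 1);
}

/* Sign: keep the 48 address bits, put the tag in the upper 16. */
uint64_t pac_sign(uint64_t key, uint64_t addr, uint64_t modifier)
{
    return (addr & ADDR_MASK) | (compute_pac(key, addr, modifier) << VA_BITS);
}

/* Authenticate: recompute the tag; on success return the bare address, on
 * failure return a poisoned pointer and report the failure. */
uint64_t pac_auth(uint64_t key, uint64_t ptr, uint64_t modifier, bool *ok)
{
    uint64_t addr = ptr & ADDR_MASK;
    uint64_t tag  = (ptr & PAC_MASK) >> VA_BITS;
    *ok = (tag == compute_pac(key, addr, modifier));
    return *ok ? addr : (addr | ERR_BIT);
}

/* Try every candidate tag for (addr, modifier) and count how many verify.
 * This assumes an oracle that answers "wrong" without consequence; on real
 * hardware each wrong guess is a crash, which is what the side channel in
 * the paper is about getting around. */
unsigned pac_bruteforce(uint64_t key, uint64_t addr, uint64_t modifier, uint64_t *found_tag)
{
    unsigned hits = 0;
    for (uint64_t guess = 0; guess < (1ULL << PAC_BITS); guess++) {
        bool ok;
        uint64_t candidate = (addr & ADDR_MASK) | (guess << VA_BITS);
        pac_auth(key, candidate, modifier, &ok);
        if (ok) { hits++; *found_tag = guess; }
    }
    return hits;
}

/* Constructed demo values: a per-process key, a code address, a stack pointer. */
#define KEY      0x5F1D3C2B4A596877ULL
#define RET_ADDR 0x0000000100004A20ULL
#define SP       0x000000016FDFF3B0ULL

/* Legitimate sign/auth round trip succeeds and strips the tag. */
bool demo_roundtrip(void)
{
    bool ok;
    uint64_t s = pac_sign(KEY, RET_ADDR, SP);
    return pac_auth(KEY, s, SP, &ok) == RET_ADDR && ok;
}

/* Attacker overwrites the address bits but cannot recompute the tag. */
bool demo_tamper_detected(void)
{
    bool ok;
    uint64_t s = pac_sign(KEY, RET_ADDR, SP);
    uint64_t forged = (s & PAC_MASK) | 0x0000000100008000ULL;
    uint64_t r = pac_auth(KEY, forged, SP, &ok);
    return !ok && (r & ERR_BIT) != 0;
}

/* Attacker replays a correctly signed pointer under a different modifier. */
bool demo_replay_rejected(void)
{
    bool ok;
    uint64_t s = pac_sign(KEY, RET_ADDR, SP);
    pac_auth(KEY, s, SP + 0x40, &ok);
    return !ok;
}

/* Exactly one of the 65536 tags verifies: the whole secret is 16 bits. */
bool demo_search_space(void)
{
    uint64_t t = 0;
    unsigned hits = pac_bruteforce(KEY, RET_ADDR, SP, &t);
    return hits == 1 && t == ((pac_sign(KEY, RET_ADDR, SP) & PAC_MASK) >> VA_BITS);
}

int main(void)
{
    printf("roundtrip %d tamper %d replay %d search %d\n",
           demo_roundtrip(), demo_tamper_detected(),
           demo_replay_rejected(), demo_search_space());
    return 0;
}
```

The last function is the point the post makes about the 16-bit tag: with a non-crashing oracle an attacker needs at most 65536 guesses, and the fact that a failed check normally kills the process is the only thing standing between a guessing loop and a forged pointer.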

Don't fully understand, chip design isn't exactly something you just pick up and be an expert at, but I still find it hilarious that a company of their size, and with the attitude they present themselves with, put egg on its own face like this. And this outcome is also why I don't recommend gen 1 products from any company, unless either you are knowingly crowdfunding or willing to accept outcomes like this. I have the right to an opinion of that company, unless the L1 forums have a rule against sharing opinions that others, clearly you, are going to be upset with. That comment was clearly aimed at attempting to irk me because you didn't like what I had to say. Also, thank you to everyone who has replied with more detailed explanations of how the vulnerability works. It is an interesting topic regardless of my negative opinions of Apple.

Zibob (A Keyboard Guy) wrote:
> I forget the names but there was some researcher flagging up those as big scary potential issues years back it turned out after, he had the process in thought but not reality and sure enough it came to be. While it only became an issue relatively recently the issue has been recognised, though not exploitable, for a very long time.

Thank you for this, it is informative. If you can manage to find and link them it might be an interesting read.

  1. This is an ARM feature, ARM have been putting out CPUs since the 80s
  2. Apple have been building enhanced CPU designs (and this is NOT apple’s design feature) for 10+ years at this point.
  3. Again, this is an exploit for a security feature other vendors do not even have, but it will be included in the new Android phones as they adopt ARM v8.3+... If you manage to break this feature, you are back to the level of security of pre-PAC ARM-based processors.

You’ve a right to your own opinion sure. But if you’re going to go making statements about this vulnerability that are patently false, expect to get called out on it.

I've tried to like Mental Outlaw but noped out of his channel due to the strongly opinionated content, often based on a lack of understanding of the stuff he is presenting. It's like someone is trying to give voice to the, let me quote RMS here, "inane comments" you read on /g/.

Same goes for Luke Smith. Hell... he's even worse.

