the MIT (Massachusetts Institute of Technology), a particularly renowned American university and which also tries to improve the impact of social networks on our health, has just made a shocking discovery. Computers among the best-selling of the moment are indeed victims of a security flaw that seems impossible to fill.
And for good reason: it actually affects PACs, an acronym for pointer authentication codes. This barrier material is offered by Apple in its in-house chips, in particular to better curb potential hackers when they attempt to inject malicious code into the memory. It is therefore a manufacturing “defect” and not a software breach, so that a potential patch is unthinkable here.
Which models are affected?
According to MIT, the Macs affected are those powered by a M1, M1 Pro or M1 Max chip. The list of models in question is therefore particularly extensive:
- Macbook Air (2020)
- 13-inch MacBook Pro (2020)
- 14-inch MacBook Pro (2021)
- 16-inch MacBook Pro (2021)
- 24-inch iMac (2021)
- Mac Studio (2022)
- Mac mini M1 (2020)
No testing has been performed on devices with an M2 or M1 Ultra chip. However, these embed the same PACs as the others, so that it is very likely that their vulnerability is also proven. Caution will therefore also be required with the new MacBook Air and MacBook Pro unveiled at the Worldwide Developer Conference last Monday.
Other brands in the viewfinder
Still according to MIT, PACs are not exclusive to Apple because they are also found at the heart of certain signed technologies. Qualcomm or Samsung. In theory, there is therefore the thread of an incident of international scope and affecting millions of products already in the hands of consumers.
However, it is worth remembering that the attack tested by the researchers is far from being within everyone’s reach: it requires the application of serious technical knowledge.
Scott Radcliffe, working at Apple, reacted on behalf of the firm by trying to calm things down. For him, the discovery of this flaw is thus commendable but is not a sign ofnone “immediate risk“ for user data. Whew?
Apple MacBook Air Retina 128 GB