Where were you when God smote the sodomites?
 Shopping Cart Returner Shirt $21.68 |
 Ape Out Shirt $21.68 |
Shopping Cart Returner Shirt $21.68 |
M1: Finished & BANKRUPT
Where were you when God smote the sodomites?
Shopping Cart Returner Shirt $21.68 |
Ape Out Shirt $21.68 |
Shopping Cart Returner Shirt $21.68 |
It still needs physical access.
no it just needs a kernel extension, the researchers just used physical access to demonstrate the concept
>it just needs a kernel extension
If you have already gotten to the point where you can execute code in the fricking kernel, what's the fricking point?
micro/hybrid kernel anon, most important things are userland.
>just
kek, that's basically a rootkit, on windows you can install a rootkit right away, macs has a security layer you have to turn off in safe boot before being able to even install something like that
SIP
https://developer.apple.com/documentation/security/disabling_and_enabling_system_integrity_protection
>on windows you can install a rootkit right away
No you can't. That DELETE_WINDOWS_BOTNET.bat.ps1.exe memescript you blindly ran when you installed disabled UAC, and you're stupid enough to believe that's the default.
>just run this code in yoyr kernel so we can pwn you mac bro
it is a big failure from arm as an arch, but since apple now ships 25% of corporate laptops and they basically said yeah whatever i assume it's largely a nothingburger.
speculative execution should be banned
>it is a big failure from arm as an arch
How?
Intel's implementation (CET) was later to the game (11th gen and later) and even worse. AMD I'm not sure if it even has pointer protection.
How is this a problem for ARM?
any "exploit" that isn't invoked by having the user click a single link or a single button is totally irrelevant.
and even then, its far more effective to just trick the user into giving up their info themselves. security only as strong as the weakest link, and the zoomies aren't exactly the iron curtain.
>is totally irrelevant
to majority of population, but guess what, no one fricking cares about you and the population unless an attacker wants to create some botnet. But guess what, no one uses CPU attacks to plant a botnet.
It gets importance because "bad" people can potentially attack "good" ones and leak some uncomfortable information that led people like Julian Assange to uncomfortable places.
>no one uses CPU attacks to plant a botnet.
you should telling that to the NSA and CIA that spend hundreds of millions of dollars developing tools to do just that. my god, this board is full of the dumbest fricking Black person monkeys i've ever seen. you make the compulsive lying failures of reddit seem credible and trustworthy. read a fricking book, Black person.
BULLRUN gang gang
SAC up in this b***h
Fricking hell you zoomers really are dumb. One of the biggest things I learned about cyber-security is that social engineering will ALWAYS be the greatest potential threat with a massive attack surface. The average person would laugh at you if you told them being manipulated was their biggest risk, they say there is no way to manipulate them. Yet, year after year, people are giving threat actors exactly what they want.
>It still needs physical access.
100% false, seething ijeet.
https://pacmanattack.com/
> seething this fricking hard
cringe
>https://pacmanattack.com/
not clicking that shit homie
i'm sure if it was child porn you would have downloaded the entire site by now. livestream of suicide, when?
I'm not even a regular here. Duh. Mac user.
WAIT YOU DOWNLOAD THAT SHIT, LIVESTREAM YOUR SUICIDE!
Yes, I would, and was pretty disappointed it wasn't
*needs ROOT access.
That's pretty trivial since most malware is distributed through social engineering attacks these days and mac users are fricking moronic
>convince a bunch of linux flavored macgays to install your kext to protect them from tracking
brirriant
>Memory corruption
I wonder what language could be behind that?
>I wonder what language could be behind that?
no language. it's a flaw in the cpu design that can't be patched, just avoided.
Is this a keyword bot?
RIP Apple.
Incoming 30% performance hit.
Should have rehired Jordan Peterson's brother in law to develop your new chip.
>RIP Apple.
Lel
>proof-of-concept attacks of PACMAN
on the Apple M1 SoC, the first desktop processor that supports ARM
Pointer Authentication.
ITT: People cheering that someone with unrestricted access inside and outside Apple's house managed to pick the door lock, meanwhile in their own house the door is not even locked to begin with
Stones and glasshouses etc.
you didn’t read the paper did you?
according to this document, this bug will be present in a shitload of chips. it literally is over for a bunch of manufacturers relying on this cancerous CPU design, especially apple - that are solely dependent on such chips.
> From a practical perspective, our attack is general enough to be applicable to future ARM processors
> If not mitigated, our attack will affect the majority of mobile devices, and likely even desktop devices in the coming years
So how does that memory corruption happen??
>this bug will be present in a shitload of chips
Debatable. This stuff is highly dependent on microarch implementation. Just look at AMD vs Intel, which also use the same instruction set, but very different in design.
>Debatable
it's not even up for debate. these are practices replicated by all OEM manufacturers. we're looking at millions of devices that can't be patched at all.
>but very different in design.
at least you can patch those chips with new microcode. that's far less concerning. also comparing RISC to CISC chips is a game for low iq fricking morons.
Black person, Apple uses a completely different microarch than everyone else on the market. Unless the vuln is derived from juts the specified semantics of pointer authentication you can't know for sure if ARM's own designs (which everyone else uses) are affected in the same way.
>also comparing RISC to CISC chips is a game for low iq fricking morons
I didn't do that, moron. I said compare AMD with Intel, which both make x86 chips. But somehow one of them manages to not get hit with this shit. The same might very well apply here.
>Black person, Apple uses a completely different microarch than everyone else on the market.
apparently not, because this same exploit will work on any ARM chip that uses pointer authentication (that's most made in the last few years). enjoy your cancerous cpu that can't be patched, rajeesh.
>The same might very well apply here.
ARM cores are licensed from ARM, and the problem with this flaw lies solely at the feet of ARM UK, and it can't be patched. ARM will have to retroactively fix all ARM cores using pointer authentication - that means anyone using ARM chips in new products today will have to stop, make sure their devices are patched to prevent exploitation and then have to buy entirely new line of chips because someone at ARM dropped the fricking ball. not sure how anyone can defend this
> muh intel
> muh amd
> comparing risc to cisc
no wonder itoddlers are seething. i would be too if owned such piles of fricking shit that could NEVER be patched.
Do you really not know that Apple doesn't use ARM's designs? Unlike all other players they have a completely custom in-house engineered cores. It's literally the same situation as AMD vs Intel.
>no wonder itoddlers are seething. i would be too if owned such piles of fricking shit that could NEVER be patched.
Stop projecting, gay.
>comparing risc to cisc
>implying that's what I did
You have shitty reading comprehension.
>Do you really not know that Apple doesn't use ARM's designs?
they use modified designs of cores produced by..... ARM. apple can modify them as much as they like, even put a picture of a Black person raping a cat in it if they wished, doesn't change anything, you illiterate coon. let us know when apple owns ARM or creates any original products that don't involve billions of dollars of licensing agreements. Since you are such a fricking illiterate coon I have to spell it out for you:
APPLE'S CHIPS ARE NOT THE ONLY ARM CORES THAT USE POINTER AUTHENTICATION. itoddlers truly are the dumbest fricking Black folk this universe has ever seen. you can't talk about reading comprehension when you're this fricking illiterate, you dumb coon.
>us know when apple owns ARM or creates any original products that don't involve billions of dollars of licensing agreements.
Υou know the reason Apple has a special "licensing agreement" with ARM is because Apple is a fricking COFOUNDER of ARM, right? Right?
>they use modified designs of cores produced by..... ARM
No, they don't. They design their own cores, just with the same ARM instruction set. Which is why I suggested this vuln might not apply to other ARM processors, which ARE designed and licensed by ARM - the company - itself. It's literally the same situation as AMD vs. Intel (which is a CISC vs. CISC comparison), so it's not at all certain all other ARM CPUs would be affected.
Stop talking about things
>itoddlers truly are the dumbest fricking Black folk
I never said they were. I hate apple as they're the enemy of my freedom. You are the Black person.
Satania's sides are gonna be in high earth orbit.
Will these lead to a bunch of cheap M1 laptops by the end of the year? I could enjoy just for editing audio and have low security anxiety as I'd never be risking anything more than the current week's project.
no, but more m1 stuff is getting older and being sold refurb/2nd hand so ofc its getting less expensive. m1 mac minis go on sale fairly regularly for under $600.
don't forget that not everything is apple silicon native yet, probably especially in the audio editing space like audacity
Can't wait for the mitigation update sisters! I will gladly take that 30% performance reduction over more security!
ihomosexualS BTFO
baked
>not itoddlers
Cringe, you shall never sataniapost again
can we jailbreak the M1 ipads with this?
Just in time for M2. Interesting.
meds, expediently.
it affects M2 as well
Nah, they'll just use some tweezers to move the transistors for pac out of the way
you would think these fricking engineers would stop with the speculation logic and actually just compute deterministically or whatever the proper term is
oh but then the computer would be TOO SLOW AND WE CAN'T PLAY OUR SILLY COMPUTER GAMES
S M O T E D
M
O
T
E
D
MOOOOOOOOOOOM cancel all my meetings
pacman fricked up my M1 CPU once again
lol
I know this attack has huge potential as it has a logo
>pacman
Of course it's Linuxgays doing this shit. It's like they forget their OS is the least secure. Open source means anyone can see the code and thus anyone can easily exploit it. This will get patched.
the frick does this have to do with linux?
Pacman is the unoffical mascot of Linux. Arch's package manager is called Pacman. Gentoo's logo is a purple Pacman.
>the frick does this have to do with linux?
Linux only incorporated pointer protection for intel processors (CET) with 5.18, barely a month ago.
What Linuxgays are crying is not secure enough implementation on MacOS and can be exploited if you have full access to install a kext, well that thing din't even exist on Linux as a security layer lmao.
weird, i don't see anyone talking about linux
are you feeling insecure about something, anon?
>weird, i don't see anyone talking about linux
Exactly.
Lack of pointer protection altogether in all versions of Linux should be a huge scandal.
Assuming security conscious people even use Linux.
Protip: they don't.
>ARM hardware feature is vulnerable
>hurrdurr OS
stop breathing already
This hardware exists to offer an extra layer of security, as long as the software (kernel and userland) takes advantage of that hardware.
On M1, there are ways to defeat this extra layer of security, assuming you have full access to the system and can install a kernel extension.
On Intcel this extra layer of security didn't even exist until 11th gen.
Once it existed hardware-wise, Linux didn't even implement software support for it until 5.18 (literally a month ago, it still hasn't even made it in many distros).
To top if off, Intel's implementation of the same extra hardware security is far more flawed to begin with.
In short, you're seething about a crack on one door of your neighbour's house making it unsecure, meanwhile your house doesn't even have such a door to begin with and everyone enters freely.
If that ain't some high grade cope I don't know what it.
holy cope
itoddlers on suicide watch
>Where were you when God smote the sodomites?
sneed
.
AIEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEE
kek, the cope on apple fanboy sites
Delete sir
Good thing I didn't fall for the apple meme.
investigative journalism
>pointer authentication
Lel@ the copers coping about pointer authentication bypass bugs, when their own intcel and ayyymd cpoos don't even have pointer authentication to begin with
debunked