Chrome

Nvidia GeForce Now on Chrome is Getting a Big Upgrade To 1440p and 120fps (theverge.com) 9

Nvidia is upgrading its GeForce Now game streaming service to support 1440p resolution at 120fps in a Chrome or Edge browser. GeForce Now members on the RTX 3080 tier of the service will be able to access the new browser gameplay options today by selecting 1440p on the GeForce Now web version. From a report: Nvidia originally launched its RTX 3080 GeForce Now membership tier last year, offering streams of up to 1440p resolution with 120fps on PCs and Macs or 4K HDR at 60fps on Nvidia's Shield TV. Previously, you had to download the dedicated Mac or Windows apps to access 1440p resolution and 120fps support, as the web version was limited to 1080p at 60fps.
Security

Update Zoom For Mac Now To Avoid Root-Access Vulnerability (arstechnica.com) 24

If you're using Zoom on a Mac, it's time for a manual update. The video conferencing software's latest update fixes an auto-update vulnerability that could have allowed malicious programs to use its elevated installing powers, granting escalated privileges and control of the system. From a report: The vulnerability was first discovered by Patrick Wardle, founder of the Objective-See Foundation, a nonprofit Mac OS security group. Wardle detailed in a talk at Def Con last week how Zoom's installer asks for a user password when installing or uninstalling, but its auto-update function, enabled by default, doesn't need one. Wardle found that Zoom's updater is owned by and runs as the root user. It seemed secure, as only Zoom clients could connect to the privileged daemon, and only packages signed by Zoom could be extracted. The problem is that by simply passing the verification checker the name of the package it was looking for ("Zoom Video ... Certification Authority Apple Root CA.pkg"), this check could be bypassed. That meant malicious actors could force Zoom to downgrade to a buggier, less-secure version or even pass it an entirely different package that could give them root access to the system.
Android

Google Releases Android 13, Rolling Out First To Pixel Phones (theverge.com) 23

This year's major Android update, Android 13, is officially releasing today for Google's Pixel phones, the search giant has announced. From a report: The annual update is getting an official release a little earlier than usual, following Android 12's release last October and Android 11's release in September 2020. The list of updates arriving with this year's version of Android is likely to be familiar if you've been keeping up with Android 13's beta releases. There's the ability to customize non-Google app icons to match your homescreen wallpaper that we saw in Android 13's first developer preview, a new permission to cut down on notification spam, and a new option to limit which of your photos and videos an app can access.

Back in January, we wrote that Google planned to spend this year catching up with Apple's ecosystem integrations, and there's more evidence of this in Android 13's official release. The update includes support for spatial audio with head tracking, which is designed to make sounds appear as though they're coming from a fixed point in space when you move your head while wearing compatible headphones, similar to a feature Apple offers for its AirPods. Today's post doesn't say exactly which headphones this will work with, but Google previously announced it would be updating its Pixel Buds Pro to offer support for spatial audio. Secondly, there's the ability to stream messages from apps including Google Messages directly to a Chromebook, similar to iMessage on the Mac.

Privacy

Raspberry Pi-Powered Anti-Tracking Tool Checks If You're Being Followed (wired.com) 79

Matt Edmondson, a hacker and digital forensics expert, built a Raspberry Pi-powered anti-tracking tool that "scans for nearby devices and alerts you if the same phone is detected multiple times within the past 20 minutes," reports Wired. The device, which can be carried around or placed in a car, consists of parts that cost around $200 in total. From the report: The homemade system works by scanning for wireless devices around it and then checking its logs to see whether they also were present within the past 20 minutes. It was designed to be used while people are on the move rather than sitting in, say, a coffee shop, where it would pick up too many false readings. The anti-tracking tool, which can sit inside a shoebox-sized case, is made up of a few components. A Raspberry Pi 3 runs its software, a Wi-Fi card looks for nearby devices, a small waterproof case protects it, and a portable charger powers the system. A touchscreen shows the alerts the device produces. Each alert may be a sign that you are being tailed. The device runs Kismet, which is a wireless network detector, and is able to detect smartphones and tablets around it that are looking for Wi-Fi or Bluetooth connections. The phones we use are constantly looking for wireless networks around them, including networks they've connected to before as well as new networks.

Edmondson says Kismet makes a record of the first time it sees a device and then the most recent time it was detected. But to make the anti-tracking system work, he had to write code in Python to create lists of what Kismet detects over time. There are lists for devices spotted in the past five to 10 minutes, 10 to 15 minutes, and 15 to 20 minutes. If a device appears twice, an alert flashes up on the screen. The system can show a phone's MAC address, although this is not much use if it's been randomized. It can also record the names of Wi-Fi networks that devices around it are looking for -- a phone that's trying to connect to a Wi-Fi network called Langley may give some clues about its owner. "If you have a device on you, I should see it," he says. In an example, he showed WIRED that a device was looking for a network called SAMSUNGSMART.

To stop the system from detecting your own phone or those of other people traveling with you, it has an "ignore" list. By tapping one of the device's onscreen buttons, it's possible to "ignore everything that it has already seen." Edmondson says that in the future, the device could be modified to send a text alert instead of showing them on the screen. He is also interested in adding the capability to detect tire-pressure monitoring systems that could show recurring nearby vehicles. A GPS unit could also be added so you can see where you were when you were being tracked, he says. [...] Edmondson has no plans to make the device into a commercial product, but he says the design could easily be copied and reused by anyone with some technical knowledge. Many of the parts involved are easy to obtain or may be lying around the homes of people in tech communities.
For those interested, Edmondson open-sourced its underlying code and plans to present the research project at the Black Hat security conference in Las Vegas this week.
Displays

Meta's Flailing Portal Repurposed As a Wireless Portable Monitor (arstechnica.com) 15

On Wednesday, Meta announced that the Portal Plus Gen 2 and Portal Go now support Duet Display, an app that can turn a display into a secondary monitor for Macs and PCs. Ars Technica reports: The Portal Plus is the same size as some of the best portable monitors, so it makes sense to repurpose it for that function. Because it's built for video image quality, it has a decent resolution for a portable display -- 2160x1440. Duet Display doesn't require a display to be connected to a computer via a cable, so specific Portals are now portable wireless monitors, too.

At a time when webcams are integrated into many laptops, and USB webcams are easier to find again, many consumers don't need a display dedicated primarily to web calls. But an extra monitor? That's more widely appealing. With the addition of Duet Display, Portal owners have further reason to think about their Portal when they're not on a video call. Meta also gave all Portals with a touchscreen -- namely, the Portal Go, Portal Plus, Portal, and Portal Mini -- a Meta Portal Companion app for macOS. The app enables screen sharing during video calls and provides quick access to video call features, like mute and link sharing in Zoom, Workplace, and BlueJeans.

Programming

Mac Hacker's Code Is So Good, Corporations Keep Stealing It (theverge.com) 35

Patrick Wardle, founder of the Objective-See Foundation, a nonprofit that creates open-source security tools for macOS, has had his code make its way into a number of commercial products over the years -- "all without the users crediting him or licensing and paying for the work," reports The Verge. Wardle, a Mac malware specialist and former employee of the NSA and NASA, will lay out his case in a presentation today at the Black Hat cybersecurity conference with Tom McGuire, a cybersecurity researcher at Johns Hopkins University. From the report: The problem, Wardle says, is that it's difficult to prove that the code was stolen rather than implemented in a similar way by coincidence. Fortunately, because of Wardle's skill in reverse-engineering software, he was able to make more progress than most. "I was only able to figure [the code theft] out because I both write tools and reverse engineer software, which is not super common," Wardle told The Verge in a call before the talk. "Because I straddle both of these disciplines I could find it happening to my tools, but other indie developers might not be able to, which is the concern."

One of the central examples in Wardle's case is a software tool called OverSight, which Wardle released in 2016. Oversight was developed as a way to monitor whether any macOS applications were surreptitiously accessing the microphone or webcam, with much success: it was effective not only as a way to find Mac malware that was surveilling users but also to uncover the fact that a legitimate application like Shazam was always listening in the background. [...] But years after Oversight was released, he was surprised to find a number of commercial applications incorporating similar application logic in their own products -- even down to replicating the same bugs that Wardle's code had.

Three different companies were found to be incorporating techniques lifted from Wardle's work in their own commercially sold software. None of the offending companies are named in the Black Hat talk, as Wardle says that he believes the code theft was likely the work of an individual employee, rather than a top-down strategy. The companies also reacted positively when confronted about it, Wardle says: all three vendors he approached reportedly acknowledged that his code had been used in their products without authorization, and all eventually paid him directly or donated money to the Objective-See Foundation.
The Verge notes that Wardle's cousin Josh Wardle created the popular Wordle game, which was purchased earlier this year by The New York Times.
Printer

Epson Programs Some Printers To Stop Operating, Claiming Danger of 'Ink Spills' (substack.com) 182

Long-time Slashdot reader chicksdaddy writes: Printer maker Epson has programmed some models of its inkjet printers to "stop operating" at a pre-determined time, citing the risk of property damage linked to "ink spills," the Fight to Repair newsletter reports.

Epson printer owners have complained that their functioning printers have suddenly stopped working, displaying an error message declaring that a component of the printer has "reached the end of its service life" and that the device needs to be serviced. According to Epson's website, the message is linked to ink pads, which Epson describes as "porous pads in the printer that collect, distribute, and very importantly contain the ink that is not used on printed pages." Over time, these pads become saturated with ink though generally not "before the printer is replaced for other reasons" (??!)

"Like so many other products, all Epson consumer ink jet products have a finite life span due to component wear during normal use... The printers are designed to stop operating at the point where further use without replacing the ink pads could create risks of property damage from ink spills or safety issues related to excess ink contacting an electrical component," the company said on its website.

Rather than measure the saturation of the ink pads to determine when that point is reached, however, Epson appears to have programmed a counter on its printers that disables the device when a threshold has been reached. For printer owners who use Windows, Epson makes a reset utility that can reset the counter though it can "only be used once and will allow printing for a short period of time." For Mac users, or Windows users who have already run the reset utility once, Epson urges them to have the printer serviced by an Epson authorized service shop or — preferably — to replace the printer with a new printer. "Repair may not be a cost-effective option for lower-cost printers because other components may also be near the end of their usable life," the company said. Despite the company's claims about the unfixability of the ink pad issue, YouTube videos suggest that the ink pads are, in fact, simple to replace, as this video illustrates.

Some legal experts say that Epson's hard coding an end of life for its printers may be illegal — an example of "Deceptive trade practices," unless it is clearly disclosing the existence of the programmed end of life to consumers prior to purchase.

Here's how the Fight to Repair newsletter sees the situation. Epson "pushes its customers to throw away the entire, working printer unit simply because some sponges are saturated with ink.

"In doing so, the company amplifies our epidemic of e-waste and forces customers into an expensive and (as it turns out) unneeded upgrade."
Businesses

Equifax Issued Wrong Credit Scores For Millions of Consumers (cnn.com) 38

Credit giant Equifax sent lenders incorrect credit scores for millions of consumers this spring, in a technology snafu with major real-world impact. From a report: In certain cases the errors were significant enough -- the differential was at least 25 points for around 300,000 consumers -- that some would-be borrowers may have been wrongfully denied credit, the company said in a statement. The problem occurred because of a "coding issue" when making a change to one of Equifax's servers, according to the company, which said the issue "was in place over a period of a few weeks [and] resulted in the potential miscalculation" of credit scores. While Equifax did not specify dates or figures, a June 1 alert from housing agency Freddie Mac to its clients said Equifax told the agency that about 12% of all credit scores released from March 17 to April 6 may have been incorrect. Equifax wrote that "there was no shift in the vast majority of scores" and that "credit reports were not affected." But the company declined to comment to CNN Business about how people can learn whether they were among those whose credit scores were incorrectly reported -- and what recourse they may have if they were issued loans at a higher rate or denied a loan outright because of the snafu.
Linux

Linux May Soon Lose Support For the DECnet Protocol (theregister.com) 69

Microsoft software engineer Stephen Hemminger has proposed removing the DECnet protocol handling code from the Linux kernel. The Register reports: The timing is ironic, as this comes just two weeks after VMS Software Inc announced that OpenVMS 9.2 was really ready this time... That announcement, of course, came some months after the first time it announced [PDF] version 9.2 [...]. The last maintainer of the DECnet code was Red Hat's Christine Caulfield, who flagged the code as orphaned in 2010. The change is unlikely to vastly inconvenience many people: VMS is the last even slightly mainstream OS that used DECnet, and VMS has supported TCP/IP for a long time. Indeed, for decades, the oldest email in this reporter's "sent" folder was a 1993 enquiry about the freeware CMUIP stack for VMS.

One of the easier ways to bootstrap VMS on an elderly VAX these days is to install it on the SimH VAX hardware simulator, and then net-boot the real VAX from the simulated one. Anyone keen enough to do that will be competent to run an older version of Linux just for the purpose. Although their existence is rapidly being forgotten today, TCP/IP is not the only network protocol around, and as late as the mid-1990s it wasn't even the dominant one. The Linux kernel used to support multiple network protocols, but they are disappearing fast. [...] For a long time, DECnet was a significant network protocol. DEC supplied a client stack called PathWorks to let DOS, Windows and Mac clients connect to VAX servers, not only for file and print, but also terminal connections and X.11. Whole worldwide WANs ran over DECnet, and as a teenage student, your correspondent enjoyed exploring them.

Portables (Apple)

Apple Replaces Last Remaining Intel-Made Component In M2 MacBook Air (macrumors.com) 87

In the M2 MacBook Air, Apple has replaced an Intel-made component responsible for controlling the USB and Thunderbolt ports with a custom-made controller, meaning the last remnants of Intel are now fully out of the latest Mac. MacRumors reports: Earlier this month, the repair website iFixit shared a teardown of the new "MacBook Air," revealing a look inside the completely redesigned machine. One subtle detail that went largely unnoticed was that unlike previous Macs, the latest "MacBook Air" introduces custom-made controllers for the USB and Thunderbolt ports. iFixit mentioned it in their report, noting they located a "seemingly Apple-made Thunderbolt 3 driver, instead of the Intel chips we're familiar with." The new component was shared on Twitter earlier today, where it received more attention. Few details are known about the controllers, including whether they're custom-made by Apple or a third party.
The Media

Are Reviewers Refusing to Compare Wintel Laptops to Apple Silicon? (wormsandviruses.com) 323

The New York Times' product-recommendation service "Wirecutter" has sparked widening criticism about how laptops are reviewed. The technology/Apple blog Daring Fireball first complained that they "institutionally fetishize price over quality". That makes it all the more baffling that their recommended "Best Laptop" — not best Windows laptop, but best laptop, full stop — is a Dell XPS 13 that costs $1,340 but is slower and gets worse battery life (and has a lower-resolution display) than their "best Mac laptop", the $1,000 M1 MacBook Air.
Technically Dell's product won in a category titled "For most people: The best ultrabook" (and Wikipedia points out that ultrabook is, after all, "a marketing term, originated and trademarked by Intel.") But this leads blogger Jack Wellborn to an even larger question: why exactly do reviewers refuse to do a comparison between Wintel laptops and Apple's MacBooks? Is it that reviewers don't think they could fairly compare x86 and ARM laptops? It seems easy enough to me. Are they afraid that constantly showing MacBooks outperforming Wintel laptops will give the impression that they are in the bag for Apple? I don't see why. Facts are facts, and a lot of people need or want to buy a Windows laptop regardless. I can't help but wonder if, in the minds of many reviewers, MacBooks were PCs so long as they used Intel, and therefore they stopped being PCs once Apple switched to using their own silicon.
Saturday Daring Fireball responded with their own assessment. "Reviewers at ostensibly neutral publications are afraid that reiterating the plain truth about x86 vs. Apple silicon — that Apple silicon wins handily in both performance and efficiency — is not going to be popular with a large segment of their audience. Apple silicon is a profoundly inconvenient truth for many computer enthusiasts who do not like Macs, so they've gone into denial..."

Both bloggers cite as an example this review of Microsoft's Surface Laptop Go 2, which does begin by criticizing the device's old processor, its un-backlit keyboard, its small selection of ports, and its low-resolution touchscreen. But it ultimately concludes "Microsoft gets most of the important things right here, and there's no laptop in this price range that doesn't come with some kind of trade-off...." A crime of omission — or is the key phrase "in this price range"? (Which gets back to Daring Fireball's original complaint about "fetishizing price over quality.") Are Apple's new Silicon-powered laptops sometimes being left out of comparisons because they're more expensive?

In an update, Wellborn acknowledges that this alleged refusal-to-compare apparently actually precedes Apple's launch of its M1 chip. But he argues that now it's more important than ever to begin making those comparisons: It's a choice between a hot and noisy and/or slow PC laptop running Windows and a cool, silent, and fast MacBook. Most buyers don't know that choice now exists, and it's the reviewer's job to educate them. Excluding MacBooks from consideration does those buyers a considerable disservice.
Chrome

Google Chrome Security Update Fixes 'High Risk' Flaws (zdnet.com) 10

"Google has released security updates for Google Chrome browser for Windows, Mac and Linux, addressing vulnerabilities that could allow a remote attacker to take control of systems," reports ZDNet: There are 11 fixes in total, including five that are classed as high-severity. As a result, CISA has issued an alert encouraging IT administrators and regular users to install the updates as soon as possible to ensure their systems are not vulnerable to the flaws.

Among the most severe vulnerabilities that are patched by the Google Chrome update is CVE-2022-2477, a vulnerability caused by a use-after-free flaw in Guest View, which could allow a remote attacker to execute arbitrary code on systems or crash them... Another of the vulnerabilities, CVE-2022-2480, relates to a use-after-free flaw in the Service Worker API, which acts as a proxy server that sits between web applications, the browser and the network in order to improve offline experiences, among other things.

Desktops (Apple)

Linux Distro For Apple Silicon Macs Is Already Up and Running On the Brand-New M2 (arstechnica.com) 129

An anonymous reader quotes a report from Ars Technica: Unlike Intel Macs, Apple silicon Macs were designed to run only Apple's software. But the developers on the Asahi Linux team have been working to change that, painstakingly reverse-engineering support for Apple's processors and other Mac hardware and releasing it as a work-in-progress distro that can actually boot up and run on bare metal, no virtualization required. The Asahi Linux team put out a new release today with plenty of additions and improvements. Most notably, the distro now supports the M1 Ultra and the Mac Studio and has added preliminary support for the M2 MacBook Pro (which has been tested firsthand by the team) and the M2 MacBook Air (which hasn't been tested but ought to work). Preliminary Bluetooth support for all Apple silicon Macs has also been added, though the team notes that it works poorly when connected to a 2.4GHz Wi-Fi network because "Wi-Fi/Bluetooth coexistence isn't properly configured yet."

There are still many other things that aren't working properly, including the USB-A ports on the Studio, faster-than-USB-2.0 speeds from any Type-C/Thunderbolt ports, and GPU acceleration, but progress is being made on all of those fronts. GPU work in particular is coming along, with a "prototype driver" that is "good enough to run real graphics applications and benchmarks" already up and running, though it's not included in this release. The Asahi team has said in the past that it expects support for new chips to be relatively easy to add to Asahi since Apple's chip designers frequently reuse things and don't make extensive hardware changes unless there's a good reason for it. Adding basic support for the M2 to Asahi happened over the course of a single 12-hour development session, and just "a few days" of additional effort were needed to get the rest of the hardware working as well as it does with M1-based Macs.

Portables (Apple)

Base Model MacBook Air With M2 Chip Has Slower SSD Speeds In Benchmarks (macrumors.com) 45

According to The Verge's review of the new MacBook Air with the M2 chip, the $1,199 base model equipped with 256GB of storage has a single NAND chip, which will lead to slower SSD speeds in benchmark testing. MacRumors reports: The dilemma arises from the fact that Apple switched to using a single 256GB flash storage chip instead of two 128GB chips in the base models of the new MacBook Air and 13-inch MacBook Pro. Configurations equipped with 512GB of storage or more are equipped with multiple NAND chips, allowing for faster speeds in parallel. In a statement issued to The Verge, Apple said that while benchmarks of the new MacBook Air and 13-inch MacBook Pro with 256GB of storage "may show a difference" compared to previous-generation models, real-world performance is "even faster":

"Thanks to the performance increases of M2, the new MacBook Air and the 13-inch MacBook Pro are incredibly fast, even compared to Mac laptops with the powerful M1 chip. These new systems use a new higher density NAND that delivers 256GB storage using a single chip. While benchmarks of the 256GB SSD may show a difference compared to the previous generation, the performance of these M2 based systems for real world activities are even faster." It's unclear if Apple's statement refers explicitly to real-world SSD performance or overall system performance.

Operating Systems

Google's Chrome OS Flex is Now Available for Old PCs and Macs (theverge.com) 60

Google is releasing Chrome OS Flex today, a new version of Chrome OS that's designed for businesses and schools to install and run on old PCs and Macs. From a report: Google first started testing Chrome OS Flex earlier this year in an early access preview, and the company has now resolved 600 bugs to roll out Flex to businesses and schools today. Chrome OS Flex is designed primarily for businesses running old Windows PCs, as Google has been testing and verifying devices from Acer, Asus, Dell, HP, Lenovo, LG, Toshiba, and many more OEMs. Flex will even run on some old Macs, including some 10-year-old MacBooks. The support of old hardware is the big selling point of Chrome OS Flex, as businesses don't have to ditch existing hardware to get the latest modern operating system. More than 400 devices are certified to work, and installation is as easy as using a USB drive to install Chrome OS Flex.
Microsoft

Microsoft Office Tries Tempting with a $39.99 'Lifetime License' (popsci.com) 164

From the world of proprietary software comes this report by Popular Science. "Despite the increasing number of more economical options (read also: free) on the market, many people still prefer Microsoft Office over the alternatives available..."

"The only setback? A license can be expensive, especially if you're the one shouldering the fees instead of your company. If you wish to have access to the suite for personal use, you either have to pay recurring fees for a subscription or cough up hundreds in one go for an annual license."

Sounds pretty rough. But through Thursday they're at least getting a temporary price drop: If none of these options appeal to you, maybe this Microsoft Office Home and Business: Lifetime License deal can. For our Deals Day sale, you can grab it on sale for only $39.99 — no coupon needed. This bundle is designed for families, students, and small businesses who want unlimited access to MS Office apps and email without breaking the bank. The license package includes programs you already likely use on the regular, including Word, Excel, PowerPoint, Outlook, Teams, and OneNote.

Upon purchase, you get access to your software license keys and download links instantly. You also get free updates for life across all programs, along with free customer service that offers the best support in case any of the apps run into trouble. The best part? You only have to pay once and you're set for life. The Microsoft Office Home and Business: Lifetime License normally goes for $349, but from today until July 14, you can get it for only $39.99 thanks to the special Deals Day event. Click here for Mac and here for Windows.

iPhone

Apple Launches iPhone Security Tool To Block Targeted Attacks (bloomberg.com) 37

Apple introduced a security tool for iPhone, iPad and Mac devices that is designed to prevent targeted cyberattacks on high-profile users such as activists, journalists and government officials. From a report: The optional feature, called Lockdown Mode, will offer "extreme" protection for a "very small number of users who face grave, targeted attacks," Apple said Wednesday in a statement. The tool vastly reduces the number of physical and digital ways for an attacker to hack a user's device. Apple said the feature is aimed primarily at trying to combat attacks from "spyware" sold by NSO Group and other companies, particularly to state-sponsored groups.

[...] Lockdown Mode will affect the Messages app, FaceTime, Apple online services, configuration profiles, the Safari web browser and wired connections. With the tool in place, the Messages app will block attachments other than images and disable link previews. Those are two common mechanisms that hackers use to infiltrate devices remotely. The web browser, another frequent conduit for hackers, will also be severely limited, with restrictions on certain fonts, web languages and features involving reading PDFs and previewing content. In FaceTime, users won't be able to receive calls from an individual that they haven't previously called within the preceding 30 days.

The 2000 Beanies

Steve Jobs Awarded Posthumous Medal of Freedom By President Biden (theverge.com) 143

Steve Jobs, the co-founder and former CEO of Apple, has been awarded a posthumous Presidential Medal of Freedom by President Joe Biden, the White House announced Friday. The Verge reports: The Presidential Medal of Freedom is the highest US honor that can be given to a civilian, and it's presented to "individuals who have made exemplary contributions to the prosperity, values, or security of the United States, world peace, or other significant societal, public or private endeavors," the White House said in a statement. Jobs founded Apple in April 1976, and it's since become one of the biggest companies in the world. He helped launch many tech products that have gone on to become cultural touchstones, including the Mac, the iPod, and the iPhone. He died on October 5th, 2011.

In its statement, the White House praised Jobs's creative approach to his various endeavors. "Steve Jobs was the co-founder, chief executive, and chair of Apple, Inc., CEO of Pixar and held a leading role at the Walt Disney Company," the White House wrote. "His vision, imagination and creativity led to inventions that have, and continue to, change the way the world communicates, as well as transforming the computer, music, film and wireless industries." The award will be presented on July 7th.
The full list of this year's Presidential Medal of Freedom recipients can be viewed here.
Firefox

Firefox Rolls Out Total Cookie Protection By Default To All Users Worldwide 72

Mozilla: Starting today, Firefox is rolling out Total Cookie Protection by default to all Firefox users worldwide, making Firefox the most private and secure major browser available across Windows and Mac. Total Cookie Protection is Firefox's strongest privacy protection to date, confining cookies to the site where they were created, thus preventing tracking companies from using these cookies to track your browsing from site to site. Whether it's applying for a student loan, seeking treatment or advice through a health site, or browsing an online dating app, massive amounts of your personal information is online -- and this data is leaking all over the web.

The hyper-specific-to-you ads you so often see online are made possible by cookies that are used to track your behavior across sites and build an extremely sophisticated profile of who you are. Recent stories (including an excellent Last Week Tonight episode) have shown how robust, yet under-the-radar, the data selling economy is and how easy it is for anyone to buy your data, combine it with more data about you and use it for a variety of purposes, even beyond advertising. It's an alarming reality -- the possibility that your every move online is being watched, tracked and shared -- and one that's antithetical to the open web we at Mozilla have strived to build. That's why we developed Total Cookie Protection to help keep you safe online.

Total Cookie Protection works by creating a separate "cookie jar" for each website you visit. Instead of allowing trackers to link up your behavior on multiple sites, they just get to see behavior on individual sites. Any time a website, or third-party content embedded in a website, deposits a cookie in your browser, that cookie is confined to the cookie jar assigned to only that website. No other websites can reach into the cookie jars that don't belong to them and find out what the other websites' cookies know about you -- giving you freedom from invasive ads and reducing the amount of information companies gather about you. This approach strikes the balance between eliminating the worst privacy properties of third-party cookies -- in particular the ability to track you -- and allowing those cookies to fulfill their less invasive use cases (e.g. to provide accurate analytics). With Total Cookie Protection in Firefox, people can enjoy better privacy and have the great browsing experience they've come to expect.
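The per-site "cookie jar" model described above, as an added sketch that is not Mozilla's code and not part of the original summary. The class, function and host names are hypothetical, and a "site" is simplified to a bare hostname string; the block compares what an embedded third party can read with one shared jar versus one jar per visited site.

```javascript
// Added illustration (not Firefox source): a toy cookie store that keys
// cookies either by cookie host alone (one shared jar) or by the pair
// (top-level site, cookie host), i.e. one jar per visited website.
// All hostnames are constructed sample values.
class CookieStore {
  constructor({ partitioned }) {
    this.partitioned = partitioned;
    this.jars = new Map(); // jar key -> Map(cookie name -> value)
    this.nextId = 1;       // deterministic stand-in for a random tracker ID
  }

  // Which jar a request to `cookieHost` may use while the user is on `topLevelSite`.
  jarKey(topLevelSite, cookieHost) {
    return this.partitioned ? `${topLevelSite}^${cookieHost}` : cookieHost;
  }

  get(topLevelSite, cookieHost, name) {
    const jar = this.jars.get(this.jarKey(topLevelSite, cookieHost));
    return jar ? jar.get(name) : undefined;
  }

  set(topLevelSite, cookieHost, name, value) {
    const key = this.jarKey(topLevelSite, cookieHost);
    if (!this.jars.has(key)) this.jars.set(key, new Map());
    this.jars.get(key).set(name, value);
  }
}

// What third-party content does on each page load: reuse its ID cookie if
// one is readable from the current jar, otherwise mint and store a new one.
function trackerLoad(store, topLevelSite, trackerHost = "tracker.example") {
  let id = store.get(topLevelSite, trackerHost, "uid");
  if (id === undefined) {
    id = `uid-${store.nextId++}`;
    store.set(topLevelSite, trackerHost, "uid", id);
  }
  return id;
}

// IDs the tracker observes as one user visits each site in order.
function idsSeenAcross(sites, partitioned) {
  const store = new CookieStore({ partitioned });
  return sites.map((site) => trackerLoad(store, site));
}

const visits = ["loans.example", "health.example", "loans.example"];
console.log("shared jar:   ", idsSeenAcross(visits, false));
console.log("per-site jars:", idsSeenAcross(visits, true));
```

With per-site jars the embedded content still gets a stable ID on a return visit to the same site, which is what keeps per-site uses such as analytics working, but the IDs it holds on two different sites no longer match.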
Security

The New Spectre-Like 'PACMAN' Flaw Could Affect ARM-Based Chips (including Apple's M1) (mit.edu) 24

"Researchers at MIT have discovered an unfixable vulnerability in Apple Silicon that could allow attackers to bypass a chip's 'last line of defense'," writes the Apple Insider blog, "but most Mac users shouldn't be worried." More specifically, the team at MIT's Computer Science & Artificial Intelligence Laboratory found that Apple's implementation of pointer authentication in the M1 system-on-chip can be overcome with a specific hardware attack they've dubbed "PACMAN." Pointer authentication is a security mechanism in Apple Silicon that makes it more difficult for attackers to modify pointers in memory. By checking for unexpected changes in pointers, the mechanism can help defend a CPU if attackers gain memory access.... The flaw comes into play when an attacker successfully guesses the value of a pointer authentication code and disables it.

The researchers found that they could use a side-channel attack to brute-force the code. PACMAN echoes similar speculative execution attacks like Spectre and Meltdown, which also leveraged microarchitectural side channels. Because it's a flaw in the hardware, it can't be fixed with a software patch.

[A]ctually carrying out the PACMAN attack requires physical access to a device, meaning the average Mac user isn't going to be at risk of exploit. The flaw affects all kinds of ARM-based chips — not just Apple's. The vulnerability is more of a technological demonstration of a wider issue with pointer authentication in ARM chips, rather than an issue that could lead to your Mac getting hacked.

MIT has made more information available at the site PACMANattack.com — including answers to frequently asked questions.

Q: Is PACMAN being used in the wild?
A: No.
Q: Does PACMAN have a logo?
A: Yeah!

The MIT team says their discovery represents "a new way of thinking about how threat models converge in the Spectre era." But even then, MIT's announcement warns the flaw "isn't a magic bypass for all security on the M1 chip." PACMAN can only take an existing bug that pointer authentication protects against, and unleash that bug's true potential for use in an attack by finding the correct PAC. There's no cause for immediate alarm, the scientists say, as PACMAN cannot compromise a system without an existing software bug....

The team showed that the PACMAN attack even works against the kernel, which has "massive implications for future security work on all ARM systems with pointer authentication enabled," says Ravichandran. "Future CPU designers should take care to consider this attack when building the secure systems of tomorrow. Developers should take care to not solely rely on pointer authentication to protect their software."

TechCrunch obtained a comment from Apple: Apple spokesperson Scott Radcliffe provided the following: "We want to thank the researchers for their collaboration as this proof of concept advances our understanding of these techniques. Based on our analysis as well as the details shared with us by the researchers, we have concluded this issue does not pose an immediate risk to our users and is insufficient to bypass operating system security protections on its own."
