Apple M1 Processor | Breaking Cybersecurity News | The Hacker News

A novel hardware attack dubbed  PACMAN  has been demonstrated against Apple's M1 processor chipsets, potentially arming a malicious actor with the capability to gain arbitrary code execution on macOS systems. It leverages "speculative execution attacks to bypass an important memory protection mechanism, ARM Pointer Authentication, a security feature that is used to enforce pointer integrity," MIT researchers Joseph Ravichandran, Weon Taek Na, Jay Lang, and Mengjia Yan  said  in a new paper. What's more concerning is that "while the hardware mechanisms used by PACMAN cannot be patched with software features, memory corruption bugs can be," the researchers added. The vulnerability is rooted in pointer authentication codes ( PACs ), a line of defense introduced in arm64e architecture that aims to detect and secure against unexpected changes to  pointers  — objects that reference an address location in memory. PACs aim to solve a common problem in software...

Days after the  first malware  targeting Apple M1 chips was discovered in the wild, researchers have disclosed yet another previously undetected piece of malicious software that was found in about 30,000 Macs running Intel x86_64 and the iPhone maker's M1 processors. However, the ultimate goal of the operation remains something of a conundrum, what with the lack of a next-stage or final payload leaving researchers unsure of its distribution timeline and whether the threat is just under active development. Calling the malware "Silver Sparrow," cybersecurity firm Red Canary said it identified two different versions of the malware — one compiled only for Intel x86_64 and uploaded to VirusTotal on August 31, 2020 ( version 1 ), and a second variant submitted to the database on January 22 that's compatible with both Intel x86_64 and M1 ARM64 architectures ( version 2 ). Adding to the mystery, the x86_64 binary, upon execution, simply displays the message "Hello, ...

AI agents have rapidly evolved from experimental technology to essential business tools. The OWASP framework explicitly recognizes that Non-Human Identities play a key role in agentic AI security. Their analysis highlights how these autonomous software entities can make decisions, chain complex actions together, and operate continuously without human intervention. They're no longer just tools, but an integral and significant part of your organization's workforce. Consider this reality: Today's AI agents can analyze customer data, generate reports, manage system resources, and even deploy code, all without a human clicking a single button. This shift represents both tremendous opportunity and unprecedented risk. AI Agents are only as secure as their NHIs Here's what security leaders are not necessarily considering: AI agents don't operate in isolation . To function, they need access to data, systems, and resources. This highly privileged, often overlooked acces...