Every now and again, I consider either stealing a friend’s Mac for dinking around purposes or just buying my own–the latter option because hey, if I bust it, I own it. I’ve never been a huge fan of Apple’s walled garden approach, but I’ve also been an iPhone user for way too damn long so you’ve got an idea how much of a deal breaker that might be if you’re me. If I owned one, it almost certainly wouldn’t be my primary machine–often for two equally concerning reasons. Accessibility, and security.
Yes, yes I know, Apple’s on top of the accessibility game. VoiceOver’s great, and all that. Sure. Except when it’s not. I do a lot of work within WordPress–this site runs on WordPress, and I get paid by the WordPress people. So I need to run circles around that software–and my employer’s particular modifications to that software. It’s… there, but could be better. There are proposed solutions on the WordPress side of things, but some of that responsibility also needs to fall on Apple. They’ve managed to figure out how to make remapping gestures on your phone/iPad be a thing, so they’re aware it’s an issue. On the Mac, they’re not there yet. For the guy with a personal site who maybe only updates once every couple years (Hey that’s me!), maybe that’s not a huge issue–I’d fight with it once or twice to update this site. But for the guy who interacts with user sites on a daily basis (Hey that’s also me!), I want it done as quickly and as efficiently as possible. Even if the Mac was my primary machine, doing this would be neither quick nor efficient. So while I’ve considered owning one and probably will as a test device, I can’t say it will solidly be my work/productivity machine. Now, if they fix these issues, then that’s one problem solved. My other hesitation is security.
The Mac’s big thing is it’s supposedly more secure than Windows or Linux because reasons. Usually those reasons are around malware/viruses/whatever, which by itself is a questionable assertion to make given they’re starting to outpace Windows in infection frequency. But the thing about a supposedly super secure OS is when someone discovers a security vulnerability, it’s usually a big one.
Apple’s M1 chips have an “unpatchable” hardware vulnerability that could allow attackers to break through its last line of security defenses, MIT researchers have discovered.
The vulnerability lies in a hardware-level security mechanism utilized in Apple M1 chips called pointer authentication codes, or PAC. This feature makes it much harder for an attacker to inject malicious code into a device’s memory and provides a level of defense against buffer overflow exploits, a type of attack that forces memory to spill out to other locations on the chip.
Researchers from MIT’s Computer Science and Artificial Intelligence Laboratory, however, have created a novel hardware attack, which combines memory corruption and speculative execution attacks to sidestep the security feature. The attack shows that pointer authentication can be defeated without leaving a trace, and as it utilizes a hardware mechanism, no software patch can fix it.
The attack, appropriately called “Pacman,” works by “guessing” a pointer authentication code (PAC), a cryptographic signature that confirms that an app hasn’t been maliciously altered. This is done using speculative execution — a technique used by modern computer processors to speed up performance by speculatively guessing various lines of computation — to leak PAC verification results, while a hardware side-channel reveals whether or not the guess was correct.
What’s more, since there are only so many possible values for the PAC, the researchers found that it’s possible to try them all to find the right one.
Suddenly, if Apple ever solves the accessibility issue, I don’t think I’ll be using a Mac for work purposes–at least not work purposes with international travel implications. At least, not one of their newer models–give me a non-M1 Mac all day long at this rate. Which is a damn shame, because I want that hardware.
I will never be an Apple superfan, I’m fairly sure–they do an awful lot of things I’m not a fan of, but I’m not on the anti-Apple pro-Google (or even just anti-Apple) train either. I want to use them as part of my toolset, not entirely unlike I currently use Google as part of my toolset (not originally my idea, but that’s another post). But they don’t make it easy. I’m lazy–I like easy.
I love the idea of where Apple wants to go with its hardware. Not so thrilled that Apple needs to make virtualization harder to get there, mind, but you can’t have everything. For accessibility reasons and security reasons, I don’t know how open I am to taking that ride directly. For security reasons, if you’ve already taken that ride, I’m very sorry.