Apple’s T2 chip has an unfixable vulnerability that could allow root access

Apple macOS devices with Intel processors and a T2 chip are vulnerable to an unfixable exploit that could give attackers root access, a cybersecurity researcher claims.

The T2 chip, present in most modern macOS devices, is an Apple silicon co-processor that handles boot and security operations, along with disparate features such as audio processing. Niels H., an independent security researcher, indicates that the T2 chip has a serious flaw that can’t be patched.

According to Niels H., since the T2 chip is based on an Apple A10 processor, it’s vulnerable to the same checkm8 exploit that affects iOS-based devices. That could allow attackers to circumvent activation lock and carry out other malicious attacks.

Normally, the T2 chip will exit with a fatal error if it detects a decryption call when in DFU mode. However, the exploit can be paired with another vulnerability developed by Pangu that can circumvent the DFU exit security mechanism.

Once an attacker gains access to the T2 chip, they will have full root access and kernel execution privileges. Although they can’t decrypt files protected by FileVault encryption, they can inject a keylogger and steal passwords since the T2 chip manages keyboard access.

The vulnerability could also allow for manual bypassing of security locks through MDM or Find My, as well as the built-in Activation Lock security mechanism. A firmware password also doesn’t mitigate the issue, since it requires keyboard access.

Apple also can’t patch the vulnerability without a hardware revision, since the T2’s underlying operating system (SepOS) uses read-only memory for security reasons. On the other hand, that also means the vulnerability isn’t persistent — it’ll require a hardware component, such as a malicious and specially-crafted USB-C cable.

Niels H. said he reached out to Apple to disclose the exploits, but has received no response. To raise awareness about the issue, he disclosed the vulnerability on his blog.

Who is at risk, and how to protect yourself

According to Niels H., the vulnerability affects all Mac products with a T2 chip and an Intel processor. Since Apple silicon-based devices use a different boot system, it isn’t clear whether they are also impacted.

Because of the nature of the vulnerability and related exploits, physical access is required for attacks to be carried out.

As a result, average users can avoid the exploits by maintaining physical security, and not plugging in USB-C devices with unverified provenance.
