Well, this is sort of a mess.
A cybersecurity researcher has claimed that macOS devices with Intel processors and a T2 security chip are vulnerable to an unfixable exploit that could offer attackers root access.
The T2 chip, which is found in most modern macOS devices, is an Apple Silicon co-processor that handles boot and security operations alongside other features such as audio processing. According to Niels H., an independent security researcher, the T2 chip features a flaw that can’t be patched.
Per the report, since the T2 chip is based on an Apple A10 processor, it’s vulnerable to the same checkm8 exploit that affects iOS-based devices. That could allow attackers to circumvent activation lock and carry out other malicious attacks.
Under normal circumstances, the T2 chip will exit with a fatal error if it detects a decryption call while in DFU mode. Unfortunately, the exploit can be paired with another exploit, developed by Pangu, that circumvents this DFU exit security mechanism.
Should an attacker gain access to the T2 chip, they’ll have full root access as well as kernel execution privileges. While they won’t be able to decrypt files protected by FileVault encryption, they could still inject a keylogger and steal passwords since the T2 chip manages keyboard access.
This vulnerability could also allow the intruder to manually bypass security locks through MDM or Find My, as well as maneuver around the built-in Activation Lock security mechanism. Installing a firmware password won’t resolve the issues, as this still requires keyboard access.
Apple won’t be able to patch the vulnerability without a hardware revision, given that the T2’s operating system, known as “SepOS,” runs from read-only memory as a security measure. If there’s a bright side, it means that the vulnerability isn’t persistent and will require a hardware component, such as a malicious, specially crafted USB-C cable, to execute.
Niels H. has stated that he has reached out to Apple to disclose the exploits, but has yet to hear back from the company.
According to Niels H., the vulnerability affects all Mac products with a T2 chip and an Intel processor. Since Apple Silicon-based devices use a different boot system, it isn’t clear whether they are also impacted.
If there’s some relief to be had, it’s that, given the nature of the vulnerability, physical access is required to carry out an attack. That keeps the average user out of harm’s way, provided they can keep unwanted parties with USB-C devices away from their machines.
Stay tuned for additional details as they become available.
Via AppleInsider and IronPeak.be blog