It is reported that most modern macOS devices use T2 coprocessors, which can be responsible for startup and security-related operations, as well as audio processing and other different functions. Since 2018, Apple has equipped several of its MacOS devices with T2 security chips based on Intel processor platforms. Recently, however, a cybersecurity researcher pointed out that the chip has an irremedable vulnerability that allows an attacker to easily gain root access to a device.
Close-up of the iMac Pro motherboard (Photo: iFixit)
According to Niels H., because the T2 chip is based on an Apple A10 processor, it is vulnerable to iOS device esophone vulnerability attacks (checkm8).
Typically, if a decryption call is detected in DFU mode, the T2 chip exits in the form of a fatal error.
However, the exploiter can be used in conjunction with another vulnerability developed by Pangu to bypass the DFU’s exit security mechanism.
For experienced attackers, it is clear that this bypasses activation locks and performs other malicious attacks.
Once an attacker gaines access to a T2 chip, they will have full root access and kernel execution privileges.
Even if files protected by FileVault encryption cannot be decrypted, it is possible to inject keylogger programs and steal password credentials from users because the T2 chip manages keyboard access.
Firmware-level passwords are not immune, as keyboard access is still required for this part. The vulnerability also allows mobile device management (MDM) and Find My features to bypass the built-in activation lock security mechanism.
Screenshot of the MacBook Pro system (from: Apple Support)
To make matters worse, Apple could not completely mitigate the vulnerability without hardware patching. For security reasons, T2’s basic operating system (SepOS) is burned on read-only memory (ROM).
Niels H. says it has notified Apple of these issues, but has yet to receive any response, and interested friends can go to the IronPeak.be blog for more details (transmission door).
The solace is that even if the vulnerability affects all Mac products based on Intel processors and T2 security chips, the issue will not persist.
Because an attacker first needs physical access to the user’s device and then performs it with special hardware, such as malicious or customized USB-C cables.
For the average user, just keep in mind that you keep your physical security safe and don’t plug in unverified USB-C devices to avoid this risk.
Whether the latest Apple Silicon platform has the same problem remains to be seen.