Apple’s T2 security chip contains a security vulnerability. The chip is present in MacBook Pros, MacBook Airs, Mac minis, iMacs, iMac Pros and Mac Pros, among others.
The security problem is discovered by the security researchers @ h0m3us3r, @mcmrarm, @ aunali1 and Rick Mark (@su_rickmark). They found that the existing exploit checkm8 for jailbreaking iPhones can also be used to attack the T2 chip. checkm8 is combined with a second vulnerability in the memory controller called blackbird.
The T2 security chip was announced in 2017 and is intended to enable data for Touch ID, encrypted storage and secure boot functionality, among other things. The chip is based on the A10 processor from the iPhone 7. The T2 has been present in the MacBook Pro, MacBook Air and Mac mini since 2018, but is also present in recent models of the Mac Pro, iMac and iMac Pro.
To exploit the vulnerability, attackers need physical access to a system. The vulnerability can be exploited by attackers to run proprietary code in recovery mode. Via this route they can obtain administrative rights and are, among other things, able to loot sensitive data, make adjustments to the macOS operating system or load kernel extensions. The Belgian security company ironPeak states In addition, the vulnerability could be exploited to disable firmware passwords and remote encryption functionality.
It does not seem possible to fix the security problem. Security that prevents changes and is intended to prevent malicious acts, now also makes it impossible to close the vulnerability reports research Rick Mark.