Security researchers are reporting a significant flaw in Apple’s T2 security chip that has a wide-ranging impact on the macOS platform, especially the latest MacBook Air and MacBook Pro machines. With the issue located in the read-only memory portion of the T2, the flaw is effectively unpatchable, leaving user data exposed.
As first described by Belgian security firm IronPeak, it is possible to gain control over the core operating system. This could facilitate data extraction, allow keylogging software or malware to be installed, and open the door to any number of other potential uses. The exploit relies on code previously used to jailbreak iPhone X handsets. Mahit Huilgol has more details at iPhoneHacks:
“The exploit is called checkm8 and was developed initially for iPhone X. Interestingly, the iPhone X is powered by A10 processor, and the T2 chip is also modeled after the A10 processor. Typically, the T2 chip throws a fatal error whenever it gets a decryption call. However, the attackers can circumvent the check with the help of a blackbird vulnerability. The worst part is that sepOS/BootROM is Read-Only memory, which means Apple will not be able to patch this without changing the hardware.”
Because of the physical nature of the flaw in the T2 chip – the vulnerable code sits in the chip's read-only memory – this is not a security issue that can be patched by a firmware update. Apple will no doubt be re-engineering the chip so that Macs rolling out of the factory in the near future will have patched hardware.
The physical nature of the exploit also means that any attacker is going to need physical access to your machine…