Macs With Intel Processors And T2 Chip Are Vulnerable To An Unpatchable Exploit

A cybersecurity researcher has declared that Macs using Intel processors and T2 chips are vulnerable to an unpatchable security flaw that may provide attackers with root access.

Niels Hofmans, an independent cybersecurity researcher, said in a blog post that since the T2 chip is based on the Apple A10 processor, it is vulnerable to the checkm8 exploit. This could allow attackers to circumvent activation lock and carry out other malicious attacks. Hackers could use the exploit to cooperate with another exploit developed by Pangu to circumvent the DFU export security mechanism.

Once an attacker gains access to the T2 chip, they will have the full root access and kernel execution privileges. Although they cannot decrypt files protected by FileVault encryption, the T2 chip manages keyboard access, they can inject keyloggers and steal passwords.

The exploit may also bypass the remote device locking function (Activation Lock) that's used by services like MDM and FindMy., which means that one can bypass the functionality of locking an Apple device remotely.  The firmware password does not alleviate the issue because it requires keyboard access.

Hofmans stated that he had contacted Apple to disclose the exploit, but received no response. 

It's recommended that users only need not plug in unverified USB-C devices to avoid related attacks.

Image Via MacRumors

Post a Comment

Previous Post Next Post