Apple macOS devices with Intel processors and a T2 chip are vulnerable to unfixed exploits that could give attackers root access, claims a cybersecurity researcher.
The T2 chip, found in most modern macOS devices, is an Apple silicon processor that handles startup and security operations, along with various features such as audio processing. Niels H., an independent security researcher, indicates that the T2 chip has a serious fault that cannot be patched.
According to Niels H., since the T2 chip is based on an Apple A10 processor, it is vulnerable to the same checkm8 utilization that affects iOS-based devices. It can allow attackers to bypass activation locks and perform other malicious attacks.
When an attacker gains access to the T2 chip, they will have full root access and kernel privileges. Although they cannot decrypt files protected by FileVault encryption, they can inject a key logger and steal passwords since the T2 chip manages keyboard access.
The vulnerability could also allow manual bypassing of security locks through MDM or Find My, as well as the built-in security lock activation mechanism. A firmware password does not reduce the problem either, as it requires keyboard access.
Apple also cannot patch the vulnerability without a hardware revision, since T2’s underlying operating system (SepOS) uses read-only memory for security reasons. On the other hand, it also means that the vulnerability is not persistent – it will require a hardware component, such as a malicious and specially crafted USB-C cable.
Niels H. said that he reached out to Apple to reveal the companies, but has not heard any answer. To raise awareness of the issue, he revealed the vulnerability on his IronPeak.be blog.
Who is at risk and how to protect yourself
According to Niels H., the vulnerability affects all Mac products with a T2 chip and an Intel processor. Since Apple silicon-based devices use a different boot system, it is not clear if they are also affected.
Due to the nature of the vulnerability and related exploits, physical access is required for attacks to be carried out.
As a result, average users can avoid business by maintaining physical security and not connecting USB-C devices of unconfirmed origin.