T2 Security Chip in Mac a Computer Contains an “Unpatchable” Vulnerability

Security researchers have discovered a flaw, wherein two techniques are used to remove the restrictions apple puts in place (commonly known as Jailbreaking) are combined. Together, the Jailbreaking techniques exploit a vulnerability in Mac computers’ T2 Security Chip, which in turn allows an attacker to decrypt data and or plant malware on the device.

Unpatchable flaw potentially affects Apple Mac computers

It is claimed to be an “unpatchable flaw”, and it potentially affects all iMacs, MacBooks and MacBook Pro’s released during and after 2018. Successful exploitation is a complex process but only requires a USB-C cable to carry out.

How T2 Chips are exploited

The exploit works by combining the ‘Blackbird’ and ‘Checkm8’ exploits, developed for iOS jailbreaking, to exploit the T2 chips. First, the Checkm8 is executed to triggers an error. Following this, executing Blackbird will bypass the issue, which allows an attacker to take over a system. The exploit works because the debugging interface was left open in the T2 Security Chip.

The remediation

Unfortunately, a patch cannot be issued as the issue is with the hardware. The impact is quite severe, not only is the exploit publicly circulating but those who seek to misuse the vulnerability can now retrieve information that even Apple refuses to provide to authorities.

To mitigate this risk, it is advised that individuals with Apple products refrain from Jailbreaking, as this will put the device at risk of exploitation.

Source: IT Pro

Risk Crew