Cybersecurity expert discovers an unfixable exploit that may allow attackers to gain root access on Apple macOS devices with T2 chips and Intel processors.

Niels H., a cybersecurity researcher, claims that this vulnerability exposes Apple macOS devices to attacks by giving hackers root access to the device. The T2 chip, which is present in many macOS devices, is a silicon co-processor designed by Apple to handle security and boot operations. It also plays a role in many other features, such as audio processing.

According to Niels H., who is an independent security consultant, there is a serious flaw in the T2 chip which, unfortunately, no patch can fix. Hackers may use this unfixable vulnerability to gain root access to the device and start wreaking havoc from there. The cybersecurity consultant also revealed that, since the T2 chip's design is based on Apple's A10 processor, it is exposed to the same kind of checkm8 exploit that affects most iOS-based devices. The exploit allows hackers to bypass the Activation Lock and start carrying out malicious attacks.

While the T2 chip normally exits with a fatal error once it detects a decryption call while in Device Firmware Update (DFU) mode, hackers can pair the exploit with another weakness, developed by Pangu, which bypasses this DFU exit security mechanism. Once hackers gain access to the T2 chip using this unfixable vulnerability, they will have full root access as well as kernel execution privileges. Although the attackers cannot decrypt files protected by Apple's FileVault encryption, they can still inject a keylogger and steal your passwords, since the T2 chip also manages keyboard access.

Aside from allowing hackers to gain root access, the unfixable vulnerability in Apple's T2 chip also gives attackers the chance to bypass security locks applied through Mobile Device Management (MDM) or Find My, as well as the built-in Activation Lock mechanism. Having a firmware password may not help either, as it also relies on keyboard access, which hackers may already be monitoring with a keylogger.

The cybersecurity consultant said Apple cannot patch the vulnerability without a hardware modification, since the T2 chip's Secure Enclave Processor Operating System (SepOS) runs from read-only memory for security reasons. On the other hand, Niels H. said that the unfixable vulnerability in Apple's T2 chip which allows hackers to gain root access is not persistent and requires a physical hardware component, such as a specially-designed malicious USB-C cable.

Niels H. revealed that he has already notified Apple about the unfixable vulnerability in its T2 chip, which may allow hackers to gain root access to Mac devices with a T2 chip and an Intel processor, but to date the Cupertino-based company has yet to reply. To raise awareness of the issue, he published his discovery on his IronPeak.be blog.