Forums
New posts
Articles
Product Reviews
Policies
FAQ
Log in
Register
What's new
Search
Search
Search titles only
By:
New posts
Menu
Log in
Register
Install the app
Install
Forums
General Discussions
Security Awareness
Apple’s T2 security chip has an unfixable flaw
JavaScript is disabled. For a better experience, please enable JavaScript in your browser before proceeding.
You are using an out of date browser. It may not display this or other websites correctly.
You should upgrade or use an
alternative browser
.
Reply to thread
Message
<blockquote data-quote="OneMoreThing..." data-source="post: 1864463" data-attributes="member: 196927"><p><img src="https://cdn.arstechnica.net/wp-content/uploads/2018/08/IMG_0442-800x453.jpg" alt="2014 Mac mini and 2012 Mac mini" class="fr-fic fr-dii fr-draggable " style="" /></p><p><a href="https://cdn.arstechnica.net/wp-content/uploads/2018/08/IMG_0442.jpg" target="_blank">Enlarge</a> / The 2014 Mac mini is pictured here alongside the 2012 Mac mini. They looked the same, but the insides were different in some key—and disappointing—ways. (credit: <a href="https://arstechnica.com/gadgets/2017/10/the-mac-mini-isnt-dead-yet-says-tim-cook/" target="_blank">Andrew Cunningham</a>)</p><p></p><p>A recently released tool is letting anyone exploit an unusual Mac vulnerability to bypass Apple's trusted T2 security chip and gain deep system access. The flaw is one researchers have also been using for <a href="https://www.wired.com/story/apple-ios-unc0ver-jailbreak/" target="_blank">more than a year to jailbreak older models of iPhones</a>. But the fact that the T2 chip is vulnerable in the same way creates a new host of potential threats. Worst of all, while Apple may be able to slow down potential hackers, the flaw is ultimately unfixable in every Mac that has a T2 inside.</p><p></p><p>In general, the jailbreak community hasn't paid as much attention to macOS and OS X as it has iOS, because they don't have the same restrictions and walled gardens that are built into Apple's mobile ecosystem. But the <a href="https://www.wired.com/story/apple-t2-security-chip-macbook-microphone/" target="_blank">T2 chip, launched in 2017</a>, created some limitations and mysteries. Apple added the chip as a trusted mechanism for securing high-value features like encrypted data storage, Touch ID, and Activation Lock, which works with Apple's "Find My" services. But the T2 also contains a vulnerability, known as Checkm8, that jailbreakers have already been exploiting in Apple's A5 through A11 (2011 to 2017) mobile chipsets. Now Checkra1n, the same group that developed the tool for iOS, has released support for T2 bypass.</p><p></p><p>On Macs, the jailbreak allows researchers to probe the T2 chip and explore its security features. It can even be used to <a href="https://twitter.com/qwertyoruiopz/status/1238606353645666308" target="_blank">run Linux</a> on the T2 or play <em>Doom</em> on a MacBook Pro's Touch Bar. The jailbreak could also be weaponized by malicious hackers, though, to disable macOS security features like <a href="https://support.apple.com/en-us/HT204899" target="_blank">System Integrity Protection</a> and <a href="https://support.apple.com/en-us/HT208330" target="_blank">Secure Boot</a> and install malware. Combined with another T2 vulnerability that was <a href="https://github.com/windknown/presentations/blob/master/Attack_Secure_Boot_of_SEP.pdf" target="_blank">publicly disclosed</a> in July by the Chinese security research and jailbreaking group Pangu Team, the jailbreak could also potentially be used to obtain <a href="https://support.apple.com/guide/mac-help/encrypt-mac-data-with-filevault-mh11785/mac" target="_blank">FileVault</a> encryption keys and to decrypt user data. The vulnerability is unpatchable, because the flaw is in low-level, unchangeable code for hardware.</p><p></p><p><a href="https://arstechnica.com/?p=1713174#p3" target="_blank">Read 13 remaining paragraphs</a> | <a href="https://arstechnica.com/?p=1713174&comments=1" target="_blank">Comments</a></p><p></p><p><a href="https://arstechnica.com/?p=1713174" target="_blank">Click here to view the article...</a></p></blockquote><p></p>
[QUOTE="OneMoreThing..., post: 1864463, member: 196927"] [IMG alt="2014 Mac mini and 2012 Mac mini"]https://cdn.arstechnica.net/wp-content/uploads/2018/08/IMG_0442-800x453.jpg[/IMG] [URL='https://cdn.arstechnica.net/wp-content/uploads/2018/08/IMG_0442.jpg']Enlarge[/URL] / The 2014 Mac mini is pictured here alongside the 2012 Mac mini. They looked the same, but the insides were different in some key—and disappointing—ways. (credit: [URL='https://arstechnica.com/gadgets/2017/10/the-mac-mini-isnt-dead-yet-says-tim-cook/']Andrew Cunningham[/URL]) A recently released tool is letting anyone exploit an unusual Mac vulnerability to bypass Apple's trusted T2 security chip and gain deep system access. The flaw is one researchers have also been using for [URL='https://www.wired.com/story/apple-ios-unc0ver-jailbreak/']more than a year to jailbreak older models of iPhones[/URL]. But the fact that the T2 chip is vulnerable in the same way creates a new host of potential threats. Worst of all, while Apple may be able to slow down potential hackers, the flaw is ultimately unfixable in every Mac that has a T2 inside. In general, the jailbreak community hasn't paid as much attention to macOS and OS X as it has iOS, because they don't have the same restrictions and walled gardens that are built into Apple's mobile ecosystem. But the [URL='https://www.wired.com/story/apple-t2-security-chip-macbook-microphone/']T2 chip, launched in 2017[/URL], created some limitations and mysteries. Apple added the chip as a trusted mechanism for securing high-value features like encrypted data storage, Touch ID, and Activation Lock, which works with Apple's "Find My" services. But the T2 also contains a vulnerability, known as Checkm8, that jailbreakers have already been exploiting in Apple's A5 through A11 (2011 to 2017) mobile chipsets. Now Checkra1n, the same group that developed the tool for iOS, has released support for T2 bypass. On Macs, the jailbreak allows researchers to probe the T2 chip and explore its security features. It can even be used to [URL='https://twitter.com/qwertyoruiopz/status/1238606353645666308']run Linux[/URL] on the T2 or play [I]Doom[/I] on a MacBook Pro's Touch Bar. The jailbreak could also be weaponized by malicious hackers, though, to disable macOS security features like [URL='https://support.apple.com/en-us/HT204899']System Integrity Protection[/URL] and [URL='https://support.apple.com/en-us/HT208330']Secure Boot[/URL] and install malware. Combined with another T2 vulnerability that was [URL='https://github.com/windknown/presentations/blob/master/Attack_Secure_Boot_of_SEP.pdf']publicly disclosed[/URL] in July by the Chinese security research and jailbreaking group Pangu Team, the jailbreak could also potentially be used to obtain [URL='https://support.apple.com/guide/mac-help/encrypt-mac-data-with-filevault-mh11785/mac']FileVault[/URL] encryption keys and to decrypt user data. The vulnerability is unpatchable, because the flaw is in low-level, unchangeable code for hardware. [URL='https://arstechnica.com/?p=1713174#p3']Read 13 remaining paragraphs[/URL] | [URL='https://arstechnica.com/?p=1713174&comments=1']Comments[/URL] [url=https://arstechnica.com/?p=1713174]Click here to view the article...[/url] [/QUOTE]
Verification
Name this item 🌈
Post reply
Forums
General Discussions
Security Awareness
Apple’s T2 security chip has an unfixable flaw
Top
