Irreparable Vulnerability Found in Apple's Security-Focused T2 Chip

According to an independent security researcher, there is a serious vulnerability in Mac devices with Intel processors and T2 chips. According to the researcher, this is open and cannot be th door to any patch.

Apple macOS devices with Intel processors and T2 chips have an irreparable vulnerability that could allow attackers to access administrator access, a cybersecurity researcher claims.

This T2 chip in question is the Apple Silicon coprocessor used on many modern macOS devices. This chip handles features such as audio processing, as well as pre-loading and security operations. According to Niels H., an independent security researcher, the T2 chip has a serious vulnerability that cannot be patched off.

According to Niels H., the Apple A10 processor-based T2 chip is vulnerable to the 'chekcm8' vulnerability, which also affects iOS-based devices. This means attackers can block activation locking and carry out other harmful attacks.

Under normal circumstances, the T2 chip exits with an error if it detects decryption while in DFU mode. However, this vulnerability could be mapn to another vulnerability developed by Pangu that blocks the DFU's exit security mechanism.

The attacker has full administrator access and core management privileges after gaining access to the T2 chip. Although files protected by FileVault encryption cannot be decrypted, passwords can be stolen using 'keylogger'. The vulnerability also allows security locks to be bypassed manually.

Niels H. said it had reached out to Apple to close the gap but could not get a return. To get attention, he posted a post on his blog about the vulnerability. In addition, according to Niels H., this vulnerability affects all Mac devices with Intel processors and T2 chips. However, an attacker would need physical access to the device to exploit the vulnerability. If you also have a Mac device with an Intel processor and T2 chips, you can be careful not to plug unspable USB's into your device.