Apple’s T2 Chip can be exploited to jailbreak Mac and MacBook – Claim security researchers

Security researchers have discovered two exploits to hack Apple’s T2 Chip in order to jailbreak Macs running on the processor. By combining the iPhone’s checkm8 exploit with Blackbird vulnerability, hackers can jailbreak MacBooks and Macs with the T2 security chip.

Over the past few weeks, various sources shared the security vulnerability of the chip on social media like Twitter and Reddit. Recently, experts tested and confirmed the security exploit. The process is rather complex and requires physical access to the device to initiate the breach.

Introduced in 2018, the Apple T2 Security Chip is the company’s second-generation custom silicon for the Mac line-up. The chip includes an enclave co-processor to enable secure Touch Id data, encrypted storage, and boot capabilities.

mac chips apple

 

Apple’s T2 Chip Security Vulnerability

It is reported that the successful exploit will enable hackers to take complete control of the jailbroken device and they can easily make changes to the core operating system’s operations. It is worrisome because unauthorized access can result in a breach of users’ confidential data and plant malware.

ironPeak explains how the debugging vulnerability works,

“Apple left a debugging interface open in the T2 security chip shipping to customers, allowing anyone to enter Device Firmware Update (DFU) mode without authentication.

The blog posts explain the far-reaching impact of the security breach,

“Once you have access on the T2, you have full root access and kernel execution privileges since the kernel is rewritten before execution. Good news is that if you are using FileVault2 as disk encryption, they do not have access to your data on disk immediately. They can however inject a keylogger in the T2 firmware since it manages keyboard access, storing your password for retrieval or transmitting it in the case of a malicious hardware attachment.

The functionality of locking an Apple device remotely (e.g. via MDM or FindMy) can be bypassed (Activation Lock).

A firmware password does not mitigate this issue since it requires keyboard access, and thus needs the T2 chip to run first.

Any kernel extension could be whitelisted since the T2 chip decides which one to load during boot.

If the attack is able to alter your hardware (or sneak in a malicious USB-C cable), it would be possible to achieve a semi-tethered exploit.

While this may not sound as frightening, be aware that this is a perfectly possible attack scenario for state actors. I have sources that say more news is on the way in the upcoming weeks.”

apple

As this is a hardware vulnerability, experts claim that it is unpatchable and can only be resolved via a hardware replacement. Therefore, the upcoming Apple Silicon Mac might not be affected by the exploits. For the Mac users are advised to not connect any suspicious external device via the USB-C port. The following devices are vulnerable to the security flaw in the T2 chip:

  • iMac – 2020
  • iMac Pro
  • Mac Pro – 2019
  • Mac mini – 2018
  • MacBook Air – 2018 or later
  • MacBook Pro – 2018 or later
About the Author

Snapchatter and Apple fangirl, covers everything about social media, app reviews and Apple news.