Critical vulnerability found in iMac, Mac Pro, Mac mini and MacBook chips

According to security specialists, all Intel Mac devices using Apple’s T2 security chip are vulnerable to a flaw that would allow hackers to bypass disk encryption, firmware passwords, and the entire T2 security verification chain.

Apple’s custom silicone T2 coprocessor is present on newer Mac computers and works with encrypted storage and secure boot capabilities, among other security features. In one publication, researcher Niels Hofmans mentions that because the chip is based on an A10 processor, it becomes vulnerable to the same checkm8 exploit, used to jailbreak iOS devices.

Exploiting this flaw would allow threat actors to hijack the T2 SepOS operating system boot process to gain access to the hardware. This chip is affected by a critical failure when in device firmware update mode, which would allow threat actors to evade security measures and gain access to the T2 chip.

By gaining access, threat actors have full root access, although it is impossible for them to directly decrypt files stored using FileVault 2 encryption. Hackers could inject a keylogger and steal the data needed for decryption.

For security, SepOS is stored in the ROM of the T2 chip, so Apple cannot fix the flaw with a software update. Fortunately it’s not all bad news, as this also means that the vulnerability is not persistent, so a threat actor who wants to exploit the flaw would require inserting a software component into the affected device.

Hofmans adds that he has been in communication with Apple, but is still waiting for a response from the company. Meanwhile, users of potentially affected devices can protect themselves by keeping their machines physically safe and avoiding the use of untrusted USB-C cables and devices.