‘Unpachable’ T2 Chip Vulnerability Allegedly Exposing Macs, iPad Pro Devices
According to a security researcher at ironPeak Services, an ‘unpatchable’ vulnerability in Apple’s second-generation T2 security chip is completely exposing Macs and iPad Pro devices and that news agencies and Apple are declining to act and report about the matter.
All recent macOS devices you the embedded T2 security chip or Secure Enclave Processor (SEP), a custom ARM processor designed by Apple and based on the A10 ARM processor found in iPhones that performs a predefined set of tasks for macOS.
The researcher alleges that the mini operating system on the T2 (SepOS) suffers from a security vulnerability also found in the iPhone X since it contains a processor based on the iOS A10 processor.
Using the checkm8 exploit originally made for iPhones, the checkra1n exploit was developed to build a semi-tethered exploit. This can be used to e.g. circumvent activation lock, allowing stolen iPhones or macOS devices to be reset and sold on the black market.
Normally the T2 chip will exit with a fatal error if it is in DFU mode and it detects a decryption call, but thanks to the blackbird vulnerability by team Pangu, we can completely circumvent that check and do whatever we please.
Since sepOS/BootROM is Read-Only Memory for security reasons, interestingly, Apple cannot patch this core vulnerability without a new hardware revision.
Fortunately, though, this is not a persistent vulnerability and requires a hardware insert or other attached component such as a malicious USB-C cable.
You can learn more about the vulnerability at this link.