{"id":15967,"date":"2020-10-05T21:22:38","date_gmt":"2020-10-05T19:22:38","guid":{"rendered":"https:\/\/www.apfelpatient.de\/?p=15967"},"modified":"2020-10-05T21:26:08","modified_gmt":"2020-10-05T19:26:08","slug":"apple-t2-chip-permanent-vulnerability-discovered","status":"publish","type":"post","link":"https:\/\/www.apfelpatient.de\/en\/news\/apple-t2-chip-permanente-schwachstelle-entdeckt","title":{"rendered":"Apple T2 chip: Permanent vulnerability discovered"},"content":{"rendered":"

Apple's macOS devices, which have an Intel processor and T2 security chip, have a vulnerability that cannot be fixed - at least that's what a security researcher claims.<\/strong><\/p>\n\n\n\n

The so-called T2 security chip, which is used in newer Mac devices, is an Apple Silicon-based co-processor that handles boot and security operations along with disparate functions such as audio processing. Niels H., an independent security researcher, points out that the T2 chip has a serious flaw that cannot be fixed. Since the T2 security chip is based on Apple's A10 processor, it is vulnerable to the same Checkkm8 vulnerability as iOS-based devices. This could allow attackers to bypass the activation lock and carry out other malicious attacks. Normally, the T2 chip will immediately lock when it detects a decryption call in DFU mode. However, the vulnerability can be paired with another vulnerability developed by Pangu that can be used to bypass the DFU security mechanism when exiting DFU. Once an attacker gains access to the T2 chip, they have full root access and kernel execution privileges. <\/p>\n\n\n\n

T2 chip: Apple cannot fix vulnerability<\/h3>\n\n\n\n

Although it cannot decrypt files protected by FileVault encryption, it can inject a keylogger and steal passwords, as the T2 chip manages keyboard access. The vulnerability could also allow manual bypass of security locks through MDM or Find My, as well as the built-in Activation Lock security mechanism. Even a firmware password does not mitigate the problem, as it requires keyboard access. Apple itself also cannot fix the vulnerability without a hardware revision, as the operating system underlying the T2 (SepOS) uses read-only memory for security reasons. On the other hand, this also means that the vulnerability is not persistent \u2013 it requires a hardware component, e.g. a malicious USB-C cable made specifically for this purpose. The security researcher explained<\/a>, he has already contacted Apple about this. But he has not yet received a response. For your information \u2013 The following Mac devices have<\/a> about the Apple T2 security chip:<\/p>\n\n\n\n\n\n\n\n