Intel Macs that use Apple’s T2 Security Chip are vulnerable to an exploit that could allow a hacker to circumvent disk encryption, firmware passwords and the whole T2 security verification chain, according to a cybersecurity researcher.
Apple’s custom-silicon T2 co-processor is present in newer Macs and handles encrypted storage and secure boot capabilities, as well as several other controller features. In a blog post, however, security researcher Niels Hofmans claims that because the chip is based on an A10 processor it’s vulnerable to the same checkm8 exploit that is used to jailbreak iOS devices.
This vulnerability is reportedly able to hijack the boot process of the T2’s SepOS operating system to gain access to the hardware. Normally the T2 chip exits with a fatal error if it is in Device Firmware Update (DFU) mode and it detects a decryption call, but by using another vulnerability developed by team Pangu, Hofmans