Security News > 2020 > October > Unpatched Apple T2 Chip Flaw Plagues Macs

Unpatched Apple T2 Chip Flaw Plagues Macs
2020-10-06 14:16

A researcher is claiming that Apple devices - with a macOS operating system and a T2 security chip - are open to an exploit that could give bad actors root access.

The flaw stems from the T2 chip, which is the second-generation version of Apple's chip that provides bolstered security - including securing its Touch ID feature, as well as providing the foundation for encrypted storage and secure boot capabilities.

Macs sold between 2018 and 2020 have the embedded T2 chip and are affected by this issue.

"Apple left a debugging interface open in the T2 security chip shipping to customers, allowing anyone to enter Device Firmware Update mode without authentication," said Niels H. "An example cable that can be used to perform low-level CPU & T2 debugging is the JTAG/SWD debug cable found on the internet. Using the debug cable requires demotion however to switch it from a production state, which is possible via the checkm8 exploit."

Niels H. said if users suspect that their systems are being tampered with, to use Apple Configurator to reinstall bridgeOS on the T2 chip.


News URL

https://threatpost.com/apple-t2-flaw-macs/159866/

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Apple 72 238 1567 2279 265 4349