The company’s own T2 security chip is responsible for the security of Apple’s Mac computers. Earlier this month, however, researchers found vulnerabilities in the T2 chip that date back to the iPhone 7.

Apple’s T2 security chip is based on the A 10 system chip familiar from the iPhone 7. Security researchers have found that T2 suffers from the same security issues with the A 10 system circuit, which have been extensively learned from, among others, Reddit’s Jailbreak subdivision. Based on the checkm8 attack originally developed for the iPhone, a checkra1n attack has been created that allows direct “jailbreaking” of the T2 chip via the USB Type-C interface. The attack gives the user full root-level and kernel execution privileges, which in turn allows a keylogger to be installed to run on a T2 chip, for example, without the Mac user being aware of it. It can also be used to bypass Apple-enabled remote device locking.

Now t 8012 Development Team -YouTube has released two videos on the subject. In one case, an automatic jailbreak is performed on the T2 chip, and in the second, it demonstrates the MacEFI installed on it, which replaces the Intel firmware and the embedded Apple logo that appears when the machine starts up. The latter video also allows the computer to boot up to macOS.

What makes vulnerabilities particularly problematic is that it is impossible to fix them on a software basis. This means that all Macs with a T2 chip and an Intel processor, that is, virtually years 2018 to 2020 Macs, are vulnerable. Because the attack requires physical access to the computer, its danger to users is naturally limited. However, the attack only succeeds in seconds, making it potentially very dangerous for Macs with sensitive data.

Sources: IronBeak, HotHardware (1), (2)