Apple's T2 Chip Has Unpatchable Security Flaw, Claims Researcher [Updated]

Intel Macs that use Apple's T2 Security Chip are vulnerable to an exploit that could allow a hacker to circumvent disk encryption, firmware passwords and the whole T2 security verification chain, according to a team of software jailbreakers.

Apple's custom-silicon T2 co-processor is present in newer Macs and handles encrypted storage and secure boot capabilities, as well as several other controller features. In a blog post, however, security researcher Niels Hofmans notes that because the chip is based on an A10 processor it's vulnerable to the same checkm8 exploit that is used to jailbreak iOS devices.

This vulnerability is reportedly able to hijack the boot process of the T2's SepOS operating system to gain access to the hardware. Normally the T2 chip exits with a fatal error if it is in Device Firmware Update (DFU) mode and it detects a decryption call, but by using another vulnerability developed by team Pangu, Hofmans claims it is possible for a hacker to circumvent this check and gain access to the T2 chip.

Once access is gained, the hacker has full root access and kernel execution privileges, although they can't directly decrypt files stored using FileVault 2 encryption. However, because the T2 chip manages keyboard access, the hacker could inject a keylogger and steal the password used for decryption.

According to Hofmans, the exploit can also bypass the remote device locking function (Activation Lock) that's used by services like MDM and Find My. A firmware password won't help prevent this either because it requires keyboard access, which requires the T2 chip to run first.

For security reasons, SepOS is stored in the T2 chip’s read-only memory (ROM), but this also prevents the exploit from being patched by Apple with a software update. On the plus side, however, it also means the vulnerability isn't persistent, so it requires a "hardware insert or other attached component such as a malicious USB-C cable" to work.

Hofmans says he has reached out to Apple about the exploit but is still awaiting a response. In the meantime, average users can protect themselves by keeping their machines physically secure and by avoiding plugging in untrusted USB-C cables and devices.

Lastly, the researcher notes that upcoming Apple Silicon Macs use a different boot system, so it's possible that they won't be impacted by the vulnerability, although this is still being actively investigated.

Update: The original report incorrectly referred to Niels Hofmans as the cybersecurity expert who carried out the research. Hofmans is in fact an industry consultant who provided impact analysis of the T2 and checkm8. This has now been corrected.

Top Rated Comments

Bug-Creator
28 months ago

> Apple isn't ready, willing, or able to do the groundwork necessary to keep their chips secure.

How many exploits and hacks have we seen on Intel/AMD chips? How many on non-Apple ARM? How many on support chips (SSD-controllers, WIFI/4G-modems)?

How many in Win/Android vs macOS/iOS?

In the end nothing is ever gonna be 100% safe for ever, but so far Apple's track record is quite good.

Score: 107 Votes

Kung gu
28 months ago

> Another reason why Apple Silicon is a horrible idea. Apple isn't ready, willing, or able to do the groundwork necessary to keep their chips secure. Get used to the Mac going from one of the most secure platforms out there to being ridden with horrible, unpatchable bugs and security exploits.
>
> It's one thing when you can make the OS a walled garden, like with iOS. When you can control the software, you don't need to worry about the hardware being buggy. But unless we're going to have the Mac App Store be the only source for Mac apps, get used to having your computer pwned on a daily basis once Apple Silicon is a reality.

umm, have you seen or heard about intel exploits...

Score: 75 Votes

twistedpixel8
28 months ago

> How many exploits and hacks have we seen on Intel/AMD chips? How many on non-Apple ARM? How many on support chips (SSD-controllers, WIFI/4G-modems)?
>
> How many in Win/Android vs macOS/iOS?
>
> In the end nothing is ever gonna be 100% safe for ever, but so far Apple's track record is quite good.

Well yes but on a chip whose sole purpose is security...? That’s not great is it.

Score: 36 Votes

jclardy
28 months ago

> Another reason why Apple Silicon is a horrible idea. Apple isn't ready, willing, or able to do the groundwork necessary to keep their chips secure. Get used to the Mac going from one of the most secure platforms out there to being ridden with horrible, unpatchable bugs and security exploits.
>
> It's one thing when you can make the OS a walled garden, like with iOS. When you can control the software, you don't need to worry about the hardware being buggy. But unless we're going to have the Mac App Store be the only source for Mac apps, get used to having your computer pwned on a daily basis once Apple Silicon is a reality.

I guess you already forgot about Meltdown and Spectre? Intel has been shipping vulnerable chips for years.

Score: 34 Votes

Kung gu
28 months ago

> Apple isn't ready, willing, or able to do the groundwork necessary to keep their chips secure.

did u miss the part where I said this is fixed in the A12 and intel chips have even worse security issues..

Score: 28 Votes

farewelwilliams
28 months ago

> Another reason why Apple Silicon is a horrible idea. Apple isn't ready, willing, or able to do the groundwork necessary to keep their chips secure. Get used to the Mac going from one of the most secure platforms out there to being ridden with horrible, unpatchable bugs and security exploits.

Patently false. Such a stupid comment. Apple sold over a billion iPhones (their core business) and you're saying they're not taking necessary steps to keep their chips secure? Sorry, but that's one of the most ridiculous things I've ever heard on this forum.

Score: 25 Votes
