Apple's T2 Security Chip Vulnerable to Attack Via USB-C

by

After it was reported last week that Apple's T2 Security Chip could be vulnerable to jailbreaking, the team behind the exploit have released an extensive report and demonstration.

t2checkm8 1

Apple's custom-silicon T2 co-processor is present in newer Macs and handles encrypted storage and secure boot capabilities, as well as several other controller features. It appears that since the chip is based on an Apple A10 processor, it is vulnerable to the same "checkm8" exploit that has been used to jailbreak iOS devices.

The vulnerability allows for the hijacking of the T2's boot process to gain access to the hardware. Normally the T2 chip exits with a fatal error if it is in Device Firmware Update (DFU) mode and it detects a decryption call, but by using another vulnerability developed by team Pangu, it is possible for a hacker to circumvent this check and gain access to the T2 chip.

Once access is gained, the hacker has full root access and kernel execution privileges, although they cannot directly decrypt files stored using FileVault 2 encryption. However, because the T2 chip manages keyboard access, the hacker could inject a keylogger and steal the password used for decryption. It can also bypass the remote Activation Lock used by services such as MDM and Find My. A firmware password does not prevent this since it too requires keyboard access, which requires the T2 chip to run first.

The exploit can be achieved without user interaction and simply requires a modified USB-C cable to be inserted. By creating a specialized device "about the size of a power charger," an attacker can place a T2 chip into DFU mode, run the "checkra1n" exploit, upload a key logger, and capture all keys. macOS can be left unaltered by the jailbreak, but all keys can still be logged on Mac laptops. This is because MacBook keyboards are directly connected to the T2 and passed through to macOS.

A practical demonstration shows checkra1n being run over USB-C from a host device. The targeted Mac simply displays a black screen while the connected computer confirms that the exploit was successful.

These cables function by allowing access to special debug pins within a USB-C port for the CPU and other chips that are usually only used by Apple.

Apple has not fixed the security flaw and it appears to be unpatchable. For security purposes, the T2's SepOS custom operating system is stored directly in the chip's SEPROM, but this also prevents the exploit from being patched by Apple via a software update.

In the meantime, users can protect themselves from the exploit by keeping their Macs physically secure and avoiding the insertion of untrusted USB-C cables and devices.

Tags: Cybersecurity, Exploit, T2 chip

Popular Stories

AirPods Pro Firmware Feature

Apple Releases New Firmware for AirPods Pro 2, AirPods Pro 3, and AirPods 4

Thursday November 13, 2025 11:35 am PST by
Apple today released new firmware designed for the AirPods Pro 3, the AirPods 4, and the prior-generation AirPods Pro 2. The AirPods Pro 3 firmware is 8B25, while the AirPods Pro 2 and AirPods 4 firmware is 8B21, all up from the prior 8A358 firmware released in October. There's no word on what's include in the updated firmware, but the AirPods Pro 2, AirPods 4 with ANC, and AirPods Pro 3...
Read Full Article66 comments
CarPlay Pinned Messages

iOS 26.2 Adds New CarPlay Setting

Thursday November 13, 2025 6:48 am PST by
iOS 26 extended pinned conversations in the Messages app to CarPlay, for quick access to your most frequent chats. However, some drivers may prefer the classic view with a list of individual conversations only, and Apple now lets users choose. Apple released the second beta of iOS 26.2 this week, and it introduces a new CarPlay setting for turning off pinned conversations in the Messages...
Read Full Article24 comments
Tesla Charging

Tesla Working to Add Apple CarPlay Support to Vehicles

Thursday November 13, 2025 8:31 am PST by
Tesla is working to add support for Apple CarPlay in its vehicles, Bloomberg's Mark Gurman reports. Tesla vehicles rely on its own infotainment software system, which integrates vehicle functions, navigation, music, web browsing, and more. The automaker has been an outlier in foregoing support for Apple CarPlay, which has otherwise become an industry standard feature, allowing users to...
Read Full Article293 comments
iPhone Pocket Short

iPhone Pocket Now Available to Order, But Already Selling Out

Friday November 14, 2025 6:20 am PST by
Apple recently teamed up with Japanese fashion brand ISSEY MIYAKE to create the iPhone Pocket, a limited-edition knitted accessory designed to carry an iPhone. iPhone Pocket is available to order on Apple's online store starting today, in the United States, France, China, Italy, Japan, Singapore, South Korea, and the United Kingdom. However, it is already completely sold out in the United...
Read Full Article182 comments
tvOS 26 Profiles

tvOS 26.2 Adds a Useful New Feature to Your Apple TV

Friday November 14, 2025 10:02 am PST by
Starting with the upcoming tvOS 26.2 update, currently in beta, additional profiles created on the Apple TV no longer require their own Apple Account. In the Settings app on the Apple TV, under Profiles and Accounts, anyone can create a new profile by simply entering a name and indicating whether the profile is for a kid. The profile will be associated with the primary user's Apple Account,...
Read Full Article
homepod mini thumb feature

New HomePod Mini, Apple TV, and AirTag Were Expected This Year — Where Are They?

Wednesday November 12, 2025 11:42 am PST by
While it was rumored that Apple planned to release new versions of the HomePod mini, Apple TV, and AirTag this year, it is no longer clear if that will still happen. Back in January, Bloomberg's Mark Gurman said Apple planned to release new HomePod mini and Apple TV models "toward the end of the year," while he at one point expected a new AirTag to launch "around the middle of 2025." Yet,...
Read Full Article118 comments
iOS 26

iOS 26.2 Available Next Month With These 8 New Features

Tuesday November 11, 2025 9:48 am PST by
Apple released the first iOS 26.2 beta last week. The upcoming update includes a handful of new features and changes on the iPhone, including a new Liquid Glass slider for the Lock Screen's clock, offline lyrics in Apple Music, and more. In a recent press release, Apple confirmed that iOS 26.2 will be released to all users in December, but it did not provide a specific release date....
Read Full Article68 comments
m1 chip slide

Five Years of Apple Silicon: M1 to M5 Performance Comparison

Monday November 10, 2025 1:08 pm PST by
Today marks the fifth anniversary of the Apple silicon chip that replaced Intel chips in Apple's Mac lineup. The first Apple silicon chip, the M1, was unveiled on November 10, 2020. The M1 debuted in the MacBook Air, Mac mini, and 13-inch MacBook Pro. The M1 chip was impressive when it launched, featuring the "world's fastest CPU core" and industry-leading performance per watt, and it's only ...
Read Full Article177 comments
walmart new ornametns

Walmart Black Friday Deals Begin Today With Low Prices on Headphones, TVs, and More

Friday November 14, 2025 7:55 am PST by
Walmart's Black Friday sale has officially kicked off today, with an online shopping event that's also seeing some matching deals in retail locations. There are quite a few major discounts in this sale, including savings on headphones, TVs, and more. Note: MacRumors is an affiliate partner with Walmart. When you click a link and make a purchase, we may receive a small payment, which helps us...
Read Full Article13 comments
iOS 26

Everything New in iOS 26.2 Beta 2

Wednesday November 12, 2025 3:29 pm PST by
Apple today provided developers with the second beta of iOS 26.2, which adds a few new features worth knowing about. Measure App Apple's Measure app now features a Liquid Glass design for the level, with two Liquid Glass bubbles instead of white circles. Games App There's now an option to sort games in the Games app Library by size, in addition to Name and Recent. CarPlay The...
Read Full Article64 comments

Top Rated Comments

ElRojito Avatar
ElRojito
67 months ago

So much for a chip that's supposed to be all about security.
We all know the first priority was thwarting third party repair attempts. Working at the Genius Bar, the T2 chip was the biggest pain in my ass.
Score: 35 Votes (Like | Disagree)
otternonsense Avatar
otternonsense
67 months ago
So much for a chip that's supposed to be all about security.
Score: 27 Votes (Like | Disagree)
ruka.snow Avatar
ruka.snow
67 months ago

And what are we gonna do until then? If this is an unfixable, unpatchable possible exploit, isn't it grounds for a mass product recall?
How do you pull mass product recall out of an exploit that needs direct access to the hardware? There will always be exploits in hardware and software. Next up you'll be calling for a class action nonsense.
Score: 13 Votes (Like | Disagree)
djcerla Avatar
djcerla
67 months ago
There’s no such thing as a “secure” chip.

With enough time and effort, everything is hackable.
Score: 10 Votes (Like | Disagree)
Elijen Avatar
Elijen
67 months ago

There’s no such thing as a “secure” chip.

With enough time and effort, everything is hackable.
In cryptography secure system does not mean unhackable. It means the time needed to hack it is reasonably high (e.g. millions of years).
Score: 9 Votes (Like | Disagree)
otternonsense Avatar
otternonsense
67 months ago

Apple Silicon Macs will not need T2 (or T3) chips because it will be presumably built in to the apple chips.
And what are we gonna do until then? If this is an unfixable, unpatchable possible exploit, isn't it grounds for a mass product recall?
Score: 8 Votes (Like | Disagree)
Read All Comments