Apple's T2 Security Chip Vulnerable to Attack Via USB-C

by

After it was reported last week that Apple's T2 Security Chip could be vulnerable to jailbreaking, the team behind the exploit have released an extensive report and demonstration.

t2checkm8 1

Apple's custom-silicon T2 co-processor is present in newer Macs and handles encrypted storage and secure boot capabilities, as well as several other controller features. It appears that since the chip is based on an Apple A10 processor, it is vulnerable to the same "checkm8" exploit that has been used to jailbreak iOS devices.

The vulnerability allows for the hijacking of the T2's boot process to gain access to the hardware. Normally the T2 chip exits with a fatal error if it is in Device Firmware Update (DFU) mode and it detects a decryption call, but by using another vulnerability developed by team Pangu, it is possible for a hacker to circumvent this check and gain access to the T2 chip.

Once access is gained, the hacker has full root access and kernel execution privileges, although they cannot directly decrypt files stored using FileVault 2 encryption. However, because the T2 chip manages keyboard access, the hacker could inject a keylogger and steal the password used for decryption. It can also bypass the remote Activation Lock used by services such as MDM and Find My. A firmware password does not prevent this since it too requires keyboard access, which requires the T2 chip to run first.

The exploit can be achieved without user interaction and simply requires a modified USB-C cable to be inserted. By creating a specialized device "about the size of a power charger," an attacker can place a T2 chip into DFU mode, run the "checkra1n" exploit, upload a key logger, and capture all keys. macOS can be left unaltered by the jailbreak, but all keys can still be logged on Mac laptops. This is because MacBook keyboards are directly connected to the T2 and passed through to macOS.

A practical demonstration shows checkra1n being run over USB-C from a host device. The targeted Mac simply displays a black screen while the connected computer confirms that the exploit was successful.

These cables function by allowing access to special debug pins within a USB-C port for the CPU and other chips that are usually only used by Apple.

Apple has not fixed the security flaw and it appears to be unpatchable. For security purposes, the T2's SepOS custom operating system is stored directly in the chip's SEPROM, but this also prevents the exploit from being patched by Apple via a software update.

In the meantime, users can protect themselves from the exploit by keeping their Macs physically secure and avoiding the insertion of untrusted USB-C cables and devices.

Tags: Cybersecurity, Exploit, T2 chip

Popular Stories

iOS 26

Everything New in iOS 26.2 Beta 3

Monday November 17, 2025 3:20 pm PST by
Apple provided developers with the third beta of an upcoming iOS 26.2 update, and there are still new features that are being added with each beta that we get. We've rounded up all of the changes that Apple made in beta 3. AirDrop Apple added new AirDrop functionality, providing a way for two people to share files temporarily without having to add one another as contacts. iOS 26.2...
Read Full Article21 comments
applecare apple care banner

Apple Brings New AppleCare+ Options to India

Tuesday November 18, 2025 8:42 am PST by
Apple today announced an expansion of AppleCare+ coverage in India, with new options for monthly and annual plans, and the addition of Theft and Loss for iPhone for the first time. Options for monthly and annual AppleCare+ plans in India provide more choice and flexibility, allowing users to keep coverage for as long as they require. Apple's vice president of Worldwide iPhone Product...
Read Full Article6 comments
iPhone 17 Pro Cosmic Orange

10 Reasons to Wait for Next Year's iPhone 18 Pro

Wednesday November 19, 2025 4:00 am PST by
Apple's iPhone development roadmap runs several years into the future and the company is continually working with suppliers on several successive iPhone models at the same time, which is why we often get rumored features months ahead of launch. The iPhone 18 series is no different, and we already have a good idea of what to expect for the iPhone 18 Pro and iPhone 18 Pro Max. One thing worth...
Read Full Article92 comments
Apple Wallet ID Illinois

iPhone Driver's License Feature Launching in Illinois

Tuesday November 18, 2025 8:47 am PST by
In select U.S. states, residents can add their driver's license or state ID to the Wallet app on the iPhone and Apple Watch, providing a convenient and contactless way to display proof of identity or age at select airports and businesses, and in select apps. Starting this Wednesday, November 19, the feature will be available to residents of Illinois. The announcement confirmed that the...
Read Full Article69 comments
iPhone 17 Pro and Air N1 Feature

iPhone 17 vs. iPhone 16 Wi-Fi Speeds: New Study Reveals the Winner

Tuesday November 18, 2025 10:53 am PST by
A new study has revealed that the iPhone 17, iPhone 17 Pro, iPhone 17 Pro Max, and iPhone Air achieve significantly faster average Wi-Fi speeds compared to the iPhone 16 series, thanks to Apple's custom-designed N1 chip. The study was conducted by Ookla, the company behind the popular Speedtest website and app. It said the results are based on global, crowdsourced Speedtest user data...
Read Full Article48 comments
macbook black friday

The Best Early Black Friday Mac Deals

Tuesday November 18, 2025 7:32 am PST by
We're getting closer to Black Friday, which lands next week on Friday, November 28. In the lead-up to the shopping holiday, we're tracking a few lowest-ever prices on Apple's most popular Macs, including the M4 MacBook Air and brand new M5 MacBook Pro. Note: MacRumors is an affiliate partner with some of these vendors. When you click a link and make a purchase, we may receive a small payment,...
Read Full Article1 comments
Magic Keyboard Touch ID Feature

Apple Releases New Firmware for 140W USB-C Power Adapter, Magic Keyboard and Magic Trackpad

Tuesday November 18, 2025 1:05 pm PST by
Apple today released updated firmware for several accessories, including the 140W USB-C Power Adapter, the Magic Trackpad 2, the Magic Trackpad USB-C, the Magic Keyboard with Touch ID, and the Magic Keyboard with Touch ID and Numeric Keypad. There is no word on what's included in the updated firmware at this time, but it could offer performance improvements and security updates. Accessory...
Read Full Article78 comments
ipad mini 7 feature red and blue

iPad Mini 8: Four Major New Features to Expect

Wednesday November 19, 2025 7:50 am PST by
Apple's eighth-generation iPad mini is highly likely to arrive next year, offering a significant refresh of the device with at least four major new features. OLED Display The next-generation version of the iPad mini could feature an OLED display, as part of Apple's plan to expand the display technology across many more of its devices. Apple's first OLED device was the Apple Watch in 2015, ...
Read Full Article61 comments
best early black friday deals

Best Black Friday Apple Deals Live Now - Save on AirPods, iPads, and Apple Watches

Saturday November 15, 2025 1:45 pm PST by
We're officially in the month of Black Friday, which will take place on Friday, November 28 in 2025. As always, this will be the best time of the year to shop for great deals, including popular Apple products like AirPods, iPad, Apple Watch, and more. In this article, the majority of the discounts will be found on Amazon. Note: MacRumors is an affiliate partner with some of these vendors. When ...
Read Full Article3 comments
Apple Sports App Preview Feature

Apple Sports App on iPhone Now Available in More European Countries

Monday November 17, 2025 6:27 am PST by
The free Apple Sports app on the iPhone was released in additional European countries today, including Belgium, Croatia, Czechia, the Netherlands, Luxembourg, Poland, Hungary, Denmark, Finland, Norway, Sweden, Switzerland, Slovakia, Slovenia, Serbia, Greece, Estonia, Latvia, Romania, Ukraine, and others. The app was already available in the U.S., the U.K., Canada, Austria, France, Germany,...
Read Full Article22 comments

Top Rated Comments

ElRojito Avatar
ElRojito
67 months ago

So much for a chip that's supposed to be all about security.
We all know the first priority was thwarting third party repair attempts. Working at the Genius Bar, the T2 chip was the biggest pain in my ass.
Score: 35 Votes (Like | Disagree)
otternonsense Avatar
otternonsense
67 months ago
So much for a chip that's supposed to be all about security.
Score: 27 Votes (Like | Disagree)
ruka.snow Avatar
ruka.snow
67 months ago

And what are we gonna do until then? If this is an unfixable, unpatchable possible exploit, isn't it grounds for a mass product recall?
How do you pull mass product recall out of an exploit that needs direct access to the hardware? There will always be exploits in hardware and software. Next up you'll be calling for a class action nonsense.
Score: 13 Votes (Like | Disagree)
djcerla Avatar
djcerla
67 months ago
There’s no such thing as a “secure” chip.

With enough time and effort, everything is hackable.
Score: 10 Votes (Like | Disagree)
Elijen Avatar
Elijen
67 months ago

There’s no such thing as a “secure” chip.

With enough time and effort, everything is hackable.
In cryptography secure system does not mean unhackable. It means the time needed to hack it is reasonably high (e.g. millions of years).
Score: 9 Votes (Like | Disagree)
otternonsense Avatar
otternonsense
67 months ago

Apple Silicon Macs will not need T2 (or T3) chips because it will be presumably built in to the apple chips.
And what are we gonna do until then? If this is an unfixable, unpatchable possible exploit, isn't it grounds for a mass product recall?
Score: 8 Votes (Like | Disagree)
Read All Comments