Apple's T2 Chip Has an Unfixable Vulnerability That Could Allow Root Access
An Anonymous Coward writes:
Information about the vulnerability was provided to Niels H. by security researcher Rick Mark and the checkra1n team, which first discovered the flaw. According to Mark, the checkm8 flaw exists in USB handling in DFU mode.
Normally, the T2 chip's Secure Enclave Processor (SEP) will exit with a fatal error if it detects a decryption call when in DFU mode. That's a security mechanism baked into both Mac and iOS devices through the SEP. However, the exploit can be paired with the Blackbird SEP vulnerability, developed by Pangu, to circumvent that security mechanism.
Once an attacker gains access to the T2 chip, they will have full root access and kernel execution privileges. Although they can't decrypt files protected by FileVault 2 encryption, they can inject a keylogger and steal passwords since the T2 chip manages keyboard access.
Read more of this story at SoylentNews.