Two years ago, Apple began to implement a proprietary T2 chip in its products, which is responsible for the secure boot of devices running macOS. Recently, an independent researcher reported on a vulnerability he found that could provide attackers with root access to a number of the company’s gadgets bypassing the advanced microcircuit.
According to the blog author IronPeak, macOS devices with Intel processors and a T2 chip are vulnerable to hackers using a form of iOS jailbreak. Considering that the T2 is based on the Apple A10 processor, the problem affects certain iPhone models as well. As soon as an attacker gains access to the chip by connecting via USB Type-C, he will have superuser rights. This will bypass the remote device lock feature. In addition, this method opens up the possibility for hackers to steal passwords, since the microchip controls access to the keyboard.
According to the enthusiast, the problem does not yet have a known software solution. However, due to the nature of the vulnerability and the way the associated exploits work, an attack requires physical access to the device. Thus, users can avoid “hijacking” by not transferring their gadgets to others, and without connecting unverified devices and drives to them.
The researcher has already reported the vulnerability to Apple, but has not yet received an official response from the company.