Security researchers claim that they can jailbreak Mac and MacBook devices that include Apple’s latest security chip (T2) by combining two exploits that were initially developed to jailbreak iPhones.
While exploitation is still quite complex, the technique has been mentioned on Twitter during the past few weeks, after it was tested by top security and jailbreak experts.
If properly exploited, the technique enables users to take full control of their devices, modify the basic operating system behavior, recover sensitive or encrypted data, and plant malware.
The T2 chip was announced in 2017, and Apple has been adding it to all of its retail devices since 2018.
Its role is to act as a separate CPU, and by default it handles audio processing and many low-level I/O functions to help relieve the load on the main CPU.
However, it also acts as a security chip, like the Secure Enclave Processor (SEP), that handles sensitive data and operations such as encryption, KeyChain passwords, TouchID authentication, encrypted device storage, and Secure Boot.
In other words, it has an important role to play in every modern Apple device, as the chip supports most of the security features.
Over the summer, security researchers discovered a way to break the T2 and run code inside the security chip during boot.
The attack required the combination of two exploits that were initially designed to jailbreak iOS devices – Checkm8 and Blackbird.
According to a post from the Belgian security company ironPeak, jailbreaking the T2 security chip involves connecting to a Mac or MacBook via USB-C and running version 0.11.0 of the Checkra1n jailbreaking software during the boot process.
According to ironPeak, this works because Apple has left the debugging interface open in the T2 security chips shipped to customers, allowing anyone to enter Device Firmware Update (DFU) mode without authentication.
Using this method, it is possible to create a USB-C cable that can automatically exploit a macOS device on boot.
Given that this is a hardware-related issue, all T2 chips should be considered unpatchable.
The only way for users to deal with the fallout from the attack is by reinstalling BridgeOS, the T2 chip's operating system.