Apple T2: vulnerability discovered for the chip

Apple T2: vulnerability discovered for the chip
A vulnerability has been discovered that afflicts Mac line computers with Intel processors and equipped with the T2 chip: the component created by Apple to ensure the security of systems and information managed is in the sights. Its very nature makes it nearly impossible to correct the problem by releasing a software update.

T2: Apple's security chip compromised

According to the researchers who have revealed it identified is potentially able to grant root permissions to an attacker. Based on ARM architecture (the same as the A10 processor), the chip is responsible for ensuring that operations such as processing audio streams or managing inputs and outputs are not compromised. Inside it includes the BridgeOS software developed by Apple precisely for its operation. This is the description offered by the Cupertino group.

… offers a new level of security thanks to the inclusion of a Secure Enclave coprocessor that protects Touch ID data and forms the basis for new encrypted storage and boot capabilities protected. In addition, the T2 chip's image signal processor works with the FaceTime HD camera to offer improved tone mapping and exposure control, as well as automatic exposure and white balance based on face detection.

Below is the list of computers currently marketed by the bitten apple and equipped with a T2 chip for security, according to what is read on the pages of the official website:

iMac Introduced in 2020; iMac Pro; Mac Pro introduced in 2019; Mac mini introduced in 2018; MacBook Air introduced in 2018 or later; MacBook Pro introduced in 2018 or later. The exploit developed to force and demonstrate vulnerability was called check8. Initially developed for the iPhone X (which integrates the aforementioned A10 processor), it bypasses one of the checks performed by T2 concerning data encryption.

The good news is that the attack cannot be performed remotely: it requires necessarily physical access to the computer and can be perpetrated for example by connecting an external device via USB slot. Following the compromise, keyloggers could be installed to capture and transmit any interaction with the keyboard, thus making one of the protections put in place by Apple with the chip in question useless. The best advice is not to leave your Mac unattended and not to connect pendrive or other peripherals of unknown origin.

Source: ZDNet

No comments:

Powered by Blogger.