Source: iMore
What you need to know
- The team behind a T2 Mac vulnerability has set the record straight.
- Checkra1n's Rick Mark says a recent report contained "innacurate" technical details.
- Mark has confirmed that a problem does exist however, and that Apple can't fix it without replacing the T2 chips in its Macs.
A security report from ironPeak regarding a flaw in Apple's T2 chip contained "innacurate" technical details, according to the team behind the exploit.
Checkra1n's Rick Mark made the revelation in a recent blog post stating:
There were technical details that were inaccurate in the original reporting. This was due to an attempt to rush analysis, due to the importance of this issue. We've since provided corrections to the details in the original IronPeak blog. Moreover several media outlets have misattributed the research that went into the article. Niels is an industry consultant who provided impact analysis of the T2 and checkm8, but was incorrectly referred to as the researcher.
We reported yesterday that Niels Hofmans at ironPeak had written a blog post detailing what he described as a "security vulnerability" found in Apple's T2 chip used in its Mac computers. As per the above, Mark says that the ironPeak report was not fully accurate.
The corrections offered by Mark go into very specific detail about the nature of technical elements of the infrastructure at play and the vulnerability. One notable correction, for example, is that whilst the vulnerability cannot be used to decrypt FileVault 2, as was alluded to in the original report, it can "likely" brute force it, however this is yet to be confirmed.
In his own assessment of the vulnerability, Mark confirms the basic principle of the story, that the T2 vulnerability the team has been working on can't be fixed by Apple without replacing the T2 chip in its Macs:
Apple uses SecureROM in the early stages of boot. ROM cannot be altered after fabrication and is done so to prevent modifications. This usually prevents an attacker from placing malware at the beginning of the boot chain, but in this case also prevents Apple from fixing the SecureROM. The net effect is Apple cannot fix this problem without replacing the T2 chip, but as long as a machine is bootable into DFU, it can be "repaired" by a trustworthy second machine.
You can read Mark's own notes on checkra1n and the T2, as well as his recent comments on the ironPeak report here.
Betas never stop: The fourth developer beta for watchOS 8.7 is out now!
The fourth beta of watchOS 8.7 is now available to developers.
Review: Tribit StormBox Pro delivers exceptional 360-degree sound
This portable speaker features a tower design and delivers 360-degree audio at an affordable price. Plus, it doubles as a power bank and can charge your devices on the go!
Review: Are these headphones worth $50 more than Apple's AirPods Max?
The latest Master & Dynamic audio product is here. The MW75 headphones have much to offer including a high price.
Need to print something from your iPhone? Check out these printers!
Printers are a reliable way of obtaining a physical copy of documents. Even if you're mostly using your iPhone or iPad for everyday computing, AirPrint capable printers will keep you printing with no problems. Here are some of our favorites!