T2 vulnerability report had 'inaccurate' technical details, says team behind research

Close up of USB-C port on MacBook (Image credit: iMore)

What you need to know

  • The team behind a T2 Mac vulnerability has set the record straight.
  • Checkra1n's Rick Mark says a recent report contained "inaccurate" technical details.
  • Mark has confirmed that a problem does exist, however, and that Apple can't fix it without replacing the T2 chips in its Macs.

A security report from ironPeak regarding a flaw in Apple's T2 chip contained "inaccurate" technical details, according to the team behind the exploit.

Checkra1n's Rick Mark made the revelation in a recent blog post stating:

There were technical details that were inaccurate in the original reporting. This was due to an attempt to rush analysis, due to the importance of this issue. We've since provided corrections to the details in the original IronPeak blog. Moreover several media outlets have misattributed the research that went into the article. Niels is an industry consultant who provided impact analysis of the T2 and checkm8, but was incorrectly referred to as the researcher.

We reported yesterday that Niels Hofmans at ironPeak had written a blog post detailing what he described as a "security vulnerability" found in Apple's T2 chip used in its Mac computers. As per the above, Mark says that the ironPeak report was not fully accurate.

The corrections offered by Mark go into very specific detail about the technical elements of the infrastructure at play and the vulnerability itself. One notable correction, for example, is that whilst the vulnerability cannot be used to decrypt FileVault 2, as was alluded to in the original report, it can "likely" be used to brute force it. This is yet to be confirmed, however.

In his own assessment of the vulnerability, Mark confirms the basic principle of the story, that the T2 vulnerability the team has been working on can't be fixed by Apple without replacing the T2 chip in its Macs:

Apple uses SecureROM in the early stages of boot. ROM cannot be altered after fabrication and is done so to prevent modifications. This usually prevents an attacker from placing malware at the beginning of the boot chain, but in this case also prevents Apple from fixing the SecureROM. The net effect is Apple cannot fix this problem without replacing the T2 chip, but as long as a machine is bootable into DFU, it can be "repaired" by a trustworthy second machine.

You can read Mark's own notes on checkra1n and the T2, as well as his recent comments on the ironPeak report here.

Stephen Warwick
News Editor
