What you need to know
- The team behind a T2 Mac vulnerability has set the record straight.
- Checkra1n's Rick Mark says a recent report contained "inaccurate" technical details.
- Mark has confirmed that a problem does exist, however, and that Apple can't fix it without replacing the T2 chips in its Macs.
A security report from ironPeak regarding a flaw in Apple's T2 chip contained "inaccurate" technical details, according to the team behind the exploit.
There were technical details that were inaccurate in the original reporting. This was due to an attempt to rush analysis, due to the importance of this issue. We've since provided corrections to the details in the original IronPeak blog. Moreover several media outlets have misattributed the research that went into the article. Niels is an industry consultant who provided impact analysis of the T2 and checkm8, but was incorrectly referred to as the researcher.
We reported yesterday that Niels Hofmans at ironPeak had written a blog post detailing what he described as a "security vulnerability" found in Apple's T2 chip used in its Mac computers. As per the above, Mark says that the ironPeak report was not fully accurate.
The corrections offered by Mark go into very specific detail about the technical elements of the infrastructure at play and the vulnerability itself. One notable correction, for example, is that whilst the vulnerability cannot be used to decrypt FileVault 2, as was alluded to in the original report, it can "likely" brute force it, although this is yet to be confirmed.
In his own assessment of the vulnerability, Mark confirms the basic principle of the story, that the T2 vulnerability the team has been working on can't be fixed by Apple without replacing the T2 chip in its Macs:
Apple uses SecureROM in the early stages of boot. ROM cannot be altered after fabrication and is done so to prevent modifications. This usually prevents an attacker from placing malware at the beginning of the boot chain, but in this case also prevents Apple from fixing the SecureROM. The net effect is Apple cannot fix this problem without replacing the T2 chip, but as long as a machine is bootable into DFU, it can be "repaired" by a trustworthy second machine.