What you need to know
- The team behind a T2 Mac vulnerability has set the record straight.
- Checkra1n's Rick Mark says a recent report contained "inaccurate" technical details.
- Mark has confirmed, however, that a problem does exist, and that Apple can't fix it without replacing the T2 chips in its Macs.
A security report from ironPeak regarding a flaw in Apple's T2 chip contained "inaccurate" technical details, according to the team behind the exploit.
There were technical details that were inaccurate in the original reporting. This was due to an attempt to rush analysis, due to the importance of this issue. We've since provided corrections to the details in the original IronPeak blog. Moreover several media outlets have misattributed the research that went into the article. Niels is an industry consultant who provided impact analysis of the T2 and checkm8, but was incorrectly referred to as the researcher.
We reported yesterday that Niels Hofmans at ironPeak had written a blog post detailing what he described as a "security vulnerability" found in Apple's T2 chip used in its Mac computers. As per the above, Mark says that the ironPeak report was not fully accurate.
The corrections offered by Mark go into very specific detail about the technical elements of the infrastructure at play and the nature of the vulnerability. One notable correction, for example, is that whilst the vulnerability cannot be used to decrypt FileVault 2, as was alluded to in the original report, it can "likely" be used to brute force it. This is yet to be confirmed, however.
In his own assessment of the vulnerability, Mark confirms the basic principle of the story, that the T2 vulnerability the team has been working on can't be fixed by Apple without replacing the T2 chip in its Macs:
Apple uses SecureROM in the early stages of boot. ROM cannot be altered after fabrication and is done so to prevent modifications. This usually prevents an attacker from placing malware at the beginning of the boot chain, but in this case also prevents Apple from fixing the SecureROM. The net effect is Apple cannot fix this problem without replacing the T2 chip, but as long as a machine is bootable into DFU, it can be "repaired" by a trustworthy second machine.