Skip to main content

Your MacBook might be hiding a major security vulnerability - here's what you need to know

(Image credit: Future)
Audio player loading…

Hackers claim to have found a way of utilising two exploits originally devised for jailbreaking iPhones to also jailbreak Macs and MacBook devices. The exploit, which has now been verified by top Apple security and jailbreaking experts, makes use of a vulnerability found within the T2 security chips that Apple has been incorporating within all of its devices since 2018.

When executed correctly, this jailbreaking method allows attackers to gain complete control over a victim’s device, enabling them to modify behaviour, retrieve sensitive data or deploy malware. The technique works by combining two existing exploits, Blackbird and Checkm8.

Although both Blackbird and Checkm8 were initially devised for use with iPhones, because of the shared hardware and software features between T2 chips and Apple’s flagship smartphone they are also effective when used on the company's desktop devices.

Unpatchable

At first glance, the T2 chip appears to represent an unlikely avenue for an exploit like this, given that it was devised to handle low-level functions and some audio processing – essentially to lessen some of the burden on the main processor. However, it also functions as a security chip, processing sensitive data, encrypted storage and secure boot capabilities.

According to reports, jailbreaking a T2 chip involves connecting to a Mac or MacBook using a USB-C cable and running the Checkra1n jailbreaking software during the boot-up sequence. This allows a potential attacker to access the Device Firmware Update (DFU) mode without authentication, gain root access to the T2 chip and take control of the device in question.

The implications of this vulnerability are particularly worrying for enterprises or any individual that leaves their Mac unattended for periods of the day. And because this exploit utilises a hardware flaw, it is considered to be unpatchable. Mac users can reinstall the operating system that runs on T2 chips if they suspect that they have been the victim of a cyberattack, but by then the damage may already have been done.

Via ZDNet