Yesterday, new information about the security hole in the Apple T2 chips was published.
No patch possible
According to information from security researchers, it is possible to manipulate the Apple T2 chip. Two different exploits can be used to manipulate the behavior of the chip and introduce malware. According to the security researchers, this security hole cannot be corrected by a software update. The T2 chip has already been installed by Apple in most Mac models for a good two years. The chip is used here primarily for workmanship of HDR content. This includes Netflix streams, for example. However, the primary task of the chip is to protect the security of the user. In the MacBook Pro, this is done, for example, by handling the Touch ID fingerprint sensor or SSD encryption.
Manipulation by two different exploits
According to the latest reports from ZDnet and also ironPeak the T2 chip from Apple can be manipulated with two different exploits. This is possible with Checkm8 and Blackbird. Originally, these two exploits were developed for the jailbreak of iOS devices based on the Apple A10 Fusion. This is the same chip that Apple’s T2 chip is based on. However, the T2 does not require authentication here when it is set to DFU (Device Firmware Update) mode. In DFU mode the behavior of the T2 chip can be influenced. For example to install malware or kernel extensions.
To use these exploits to manipulate the T2 chip, however, access via the hardware is necessary. So without a USB-C connection nothing works here. So it is positive that attacks based purely on software are not possible.
However, Apple can do nothing against these exploits. This is because the ROM of the T2 chip cannot be changed by a software update. This should actually be a security precaution for the T2. However, it is assumed that in the future, hardware revisions will be made so that such things do not happen again.
