
Is macOS becoming vulnerable to cyberattacks? Surprisingly, yes.

Published October 15th, 2020 by Bayon Technologies Group

We usually hear about trojans and hackers targeting Windows users. However, security researchers have found flaws that might pose a high threat to the entire macOS platform, especially MacBook Air and MacBook Pro machines.

Because the flaw is located in the read-only memory portion of the T2 chip, this particular issue is technically unpatchable, which leaves users' data exposed to perpetrators and malicious actors.

This exploit relies on code that was previously created to jailbreak iPhone X handsets.

As stated by Mahit Huilgoi, a tech and automobile aficionado: "The exploit is called check8 and was developed initially for iPhone X. Interestingly, the iPhone X is powered by A10 processor, and the T2 chip is also modeled after the A10 processor. Typically, the T2 chip throws a fatal error whenever it gets a decryption call. However, the attackers can circumvent the check with the help of a blackbird vulnerability. The worst part is that sepOS/BootROM is Read-Only memory, which means Apple will not be able to patch this without changing the hardware."

This exploit makes it possible to gain total control over the core operating system, letting hackers and perpetrators extract sensitive data and install keylogging software or trojans on any device.

The main reason this exploit is being called unpatchable is that, because it is located in the T2 chip, it's not really classified as a security issue and therefore cannot be patched by a firmware update. However, Apple did release a statement about re-engineering the chip so that the Mac machines coming out of the factory will have patched hardware.

Belgian security firm Iron Peak stated: "TL;DR: all recent macOS devices are no longer safe to use if left alone, even if you have them powered down. Also, the root of trust on macOS is inherently broken; they can brute force your FileVault2 volume password; they can alter your macOS installation; they can load arbitrary kernel extensions; only possible on physical access."

This exploit substantially affects the trust that users have placed in Apple machines and devices, and it is a reminder that no machine or device is really safe from cyberattacks, so it's imperative that you have a plan in place to protect yourself and your business.

