Security researchers have confirmed and demonstrated a major hardware vulnerability in devices manufactured by Apple Computer.
The vulnerability can be exploited by a flaw in the company’s T2 security chip, a co-processor designed to handle encryption and security-related tasks. The hardware was initially described by Apple as introducing “a new level of security” and is included in the company’s line of MacBooks, iPad Pro, Mac Mini, and others by default.
The security protections on the T2 chip can apparently be bypassed by combining two previously identified methods for jailbreaking Apple’s iOS mobile devices, called CheckM8 and Blackbird. By deploying the software at startup, a hacker would be able to take full control of a target device, install malware, and access stored encrypted data.
Because the vulnerability is hardware-based, it is effectively unpatchable. One minor reassurance for device owners is that the exploit requires physical access and can only be deployed by connecting a USB-C cable to the target device.
Apple has yet to release an official comment.