Apple Joins Intel and Others in the Buggy Silicon Club
Intel and, to a lesser extent, AMD and ARM have been collecting a lot of attention in the last year or so for bugs in their silicon. As everyone tries to tweak every last drop of performance out of their systems or do new and creative things, the risk of a problem increases.
But Apple has been a member of the club before and now it is being reintroduced as a club member.
Apple’s T2 security chip, a repurposed Apple A10 processor, is used in all Macs between 2018 and now. The chip controls the Touch ID and also provides the basis for encrypted storage and secure boot. Not something that you want to be buggy.
The good news is that the attacker needs physical access (think evil maid attack) to the Mac for the attack to work. Given that, the attacker could gain root access and allow the hacker to wreak havoc. The hacker could brute force the Mac’s encrypted file system, FileVault 2 and load arbitrary code.
The researcher contacted Apple multiple times with no response. He also reached out to some Apple pubs, but again no one bit.
I assume that if the claim was bogus, Apple would have stomped all over him quickly.
Alternatively, if there is no fix to this, like there is no fix to the earlier Apple silicon issue called Checkm8, then they might hope it goes away.
JTAG, the industry standard debug port that most hardware has, appears to be the problem here. Many times vendors leave it enabled when they ship devices, hoping no one notices but making it easier to troubleshoot problems. Security says it should be functionally destroyed prior to ship so that there is no way to re-enable it.
This bug is very unlikely to be exploited except in targeted attacks because in addition to requiring physical access to exploit the JTAG “feature” and using the Checkm8 bug, it also loops in another bug called Blackbird.
My guess is that like Checkm8, this bug is unpatchable.
Unlike my PC. I just got shiny new microcode this week for mine. Apple’s design does not allow for that.
Right now, until someone figures out how to exploit this remotely, the risk is low, but keep your eye on your devices. Credit: Threatpost