Apple's T2 Chip Has Unpatchable Security Flaw, Claims Researcher [Updated]

Intel Macs that use Apple's T2 Security Chip are vulnerable to an exploit that could allow a hacker to circumvent disk encryption, firmware passwords and the whole T2 security verification chain, according to team of software jailbreakers.

t2checkm8 1
Apple's custom-silicon T2 co-processor is present in newer Macs and handles encrypted storage and secure boot capabilities, as well as several other controller features. In a blog post, however, security researcher Niels Hofmans notes that because the chip is based on an A10 processor it's vulnerable to the same checkm8 exploit that is used to jailbreak iOS devices.

This vulnerability is reportedly able to hijack the boot process of the T2's SepOS operating system to gain access to the hardware. Normally the T2 chip exits with a fatal error if it is in Device Firmware Update (DFU) mode and it detects a decryption call, but by using another vulnerability developed by team Pangu, Hofmans claims it is possible for a hacker to circumvent this check and gain access to the T2 chip.

Once access is gained, the hacker has full root access and kernel execution privileges, although they can't directly decrypt files stored using FileVault 2 encryption. However, because the T2 chip manages keyboard access, the hacker could inject a keylogger and steal the password used for decryption.

According to Hofmans, the exploit can also bypass the remote device locking function (Activation Lock) that's used by services like MDM and FindMy. A firmware password won't help prevent this either because it requires keyboard access, which requires the T2 chip to run first.

For security reasons, SepOS is stored in the T2 chip’s read-only memory (ROM), but this also prevents the exploit from being patched by Apple with a software update. On the plus side, however, it also means the vulnerability isn't persistent, so it requires a "hardware insert or other attached component such as a malicious USB-C cable" to work.

Hofmans says he has reached out to Apple about the exploit but is still awaiting a response. In the meantime, average users can protect themselves by keeping their machines physically secure and by avoiding plugging in untrusted USB-C cables and devices.

Lastly, the researcher notes that upcoming Apple Silicon Macs use a different boot system, so it's possible that they won't be impacted by the vulnerability, although this is still being actively investigated.

Update: The original report incorrectly referred to Niels Hofmans as the cybersecurity expert who carried out the research. Hofmans is in fact an industry consultant who provided impact analysis of the T2 and checkm8. This has now been corrected.

Popular Stories

iPhone 17 Pro Render Front Page Tech

iPhone 17 Pro Launching Later This Year With These 8 New Features

Tuesday March 4, 2025 3:15 pm PST by
While the iPhone 17 Pro and iPhone 17 Pro Max are not expected to launch until September, there are already plenty of rumors about the devices. iPhone 17 Pro's alleged design via Front Page Tech Below, we recap key changes rumored for the iPhone 17 Pro models as of March 2025: Aluminum frame: iPhone 17 Pro models are rumored to have an aluminum frame, whereas the iPhone 15 Pro and iPhone...
Apple MacBook Air hero

Apple Says New MacBook Air Up to 23x Faster Than Intel-Based Model, But Read the Fine Print

Thursday March 6, 2025 1:46 pm PST by
Apple has a staggering marketing claim for the new MacBook Air with the M4 chip. Specifically, Apple says the new MacBook Air is up to 23x faster than the last Intel-based model. However, there are some details in the fine print to be aware of. First, Apple said it compared a new 2025 MacBook Air with a 10-core M4 chip and 32GB of RAM to a 2020 MacBook Air with a quad-core Intel Core i7...
CarPlay Hero

iOS 18.4 Upgrades CarPlay in Two Ways

Tuesday March 4, 2025 8:39 am PST by
The upcoming iOS 18.4 update for the iPhone includes two smaller but meaningful improvements for Apple's in-car iPhone mirroring system CarPlay. First, CarPlay now shows a third row of icons, up from two rows previously. However, this change is only visible in vehicles with a larger center display. For example, a MacRumors Forums member noticed the change in a Toyota Tundra with a 14-inch...
Apple Intelligence General Feature

Apple Delays Apple Intelligence Siri Features

Friday March 7, 2025 9:35 am PST by
Apple is delaying some of the Apple Intelligence Siri features that it expected to release in iOS 18, an Apple spokesperson said in a statement to Daring Fireball. Apple says that it is going to take longer than expected to roll out the more personalized Siri experience, and that these features will be rolled out "in the coming year.""Siri helps our users find what they need and get things...
ipad air magic keyboard feature

Everything Apple Announced This Week

Wednesday March 5, 2025 4:03 pm PST by
It's been a busy week for Apple, with new products announced on Tuesday and Wednesday. We're now caught up on what's been rumored for a spring launch, so we thought we'd recap everything Apple came out with this week. Subscribe to the MacRumors YouTube channel for more videos. iPad Air Apple updated the iPad Air on Tuesday, updating it with the new M3 chip. The iPad Air still comes in...
iPhone 16 Pro vs iPhone 17 Air Feature

iPhone 17 Air and 17 Pro Max Allegedly Same Size Apart From Thickness

Friday March 7, 2025 2:45 am PST by
Apple's all-new ultra-thin iPhone 17 Air shares the same dimensions as the iPhone 17 Pro Max, with the only difference being in the thickness of the devices, according to the leaker Ice Universe. Posting to their Weibo account, the Chinese leaker today claimed that the iPhone 17 Air and iPhone 17 Pro Max have identical body length, width, screen size, and bezels. "The only difference is the...
Apple MacBook Air hero

Apple Has Finally Solved One of the MacBook Air's Biggest Limitations

Wednesday March 5, 2025 11:29 am PST by
The new MacBook Air has a useful upgrade: it natively supports up to two external displays, in addition to the laptop's built-in display. In other words, the latest MacBook Air can be used with a pair of external displays without needing to keep the laptop's lid closed. Apple's tech specs for the new 13-inch and 15-inch MacBook Air:Simultaneously supports full native resolution on the...
iPhone Fold Vertical Feature

Kuo: Apple's First Foldable iPhone to Feature Book-Style Design, Sell for Over $2,000

Wednesday March 5, 2025 9:26 pm PST by
Apple's first foldable iPhone should arrive around the end of 2026 or early 2027 with a book-style design and a premium price tag of over $2,000, according to analyst Ming-Chi Kuo. In a report today, Kuo outlines his expectations for the device, noting that it will have an approximately 7.8-inch "crease-free" inner display and a 5.5-inch outer display, matching a rumor from last month. Kuo...
iphone 17 pro asherdipps

iPhone 17 Pro Max Said to Be Thicker to Accommodate Larger Battery

Friday March 7, 2025 2:47 am PST by
Apple has increased the thickness of the upcoming iPhone 17 Pro Max compared to the current generation iPhone 16 Pro Max, claims the Chinese leaker known as Ice Universe. Apple is said to have increased the depth of the iPhone 17 Pro Max to 8.725mm, up from 8.25mm on the iPhone 16 Pro Max, which would be a 0.475mm difference in thickness. The increase "surely means a larger battery,"...

Top Rated Comments

Bug-Creator Avatar
58 months ago

Apple isn't ready, willing, or able to do the groundwork necessary to keep their chips secure.
How many exploits and hacks have we seen on Intel/AMD chips? How many on non-Apple ARM? How many on support chips (SSD-controllers, WIFI/4G-modems)?

How many in Win/Android vs macOS/iOS?

In the end nothing is ever gonna be 100% safe for ever, but so far Apple's track record is quite good.
Score: 107 Votes (Like | Disagree)
Kung gu Avatar
58 months ago

Another reason why Apple Silicon is a horrible idea. Apple isn't ready, willing, or able to do the groundwork necessary to keep their chips secure. Get used to the Mac going from one of the most secure platforms out there to being ridden with horrible, unpatchable bugs and security exploits.

It's one thing when you can make the OS a walled garden, like with iOS. When you can control the software, you don't need to worry about the hardware being buggy. But unless we're going to have the Mac App Store be the only source for Mac apps, get used to having your computer pwned on a daily basis once Apple Silicon is a reality.
umm, have you seen or heard about intel exploits...
Score: 75 Votes (Like | Disagree)
twistedpixel8 Avatar
58 months ago

How many exploits and hacks have we seen on Intel/AMD chips? How many on non-Apple ARM? How many on support chips (SSD-controllers, WIFI/4G-modems)?

How many in Win/Android vs macOS/iOS?

In the end nothing is ever gonna be 100% safe for ever, but so far Apple's track record is quite good.
Well yes but on a chip whose sole purpose is security...? That’s not great is it.
Score: 36 Votes (Like | Disagree)
jclardy Avatar
58 months ago

Another reason why Apple Silicon is a horrible idea. Apple isn't ready, willing, or able to do the groundwork necessary to keep their chips secure. Get used to the Mac going from one of the most secure platforms out there to being ridden with horrible, unpatchable bugs and security exploits.

It's one thing when you can make the OS a walled garden, like with iOS. When you can control the software, you don't need to worry about the hardware being buggy. But unless we're going to have the Mac App Store be the only source for Mac apps, get used to having your computer pwned on a daily basis once Apple Silicon is a reality.
I guess you already forgot about Meltdown and Spectre? Intel has been shipping vulnerable chips for years.
Score: 34 Votes (Like | Disagree)
Kung gu Avatar
58 months ago

Apple isn't ready, willing, or able to do the groundwork necessary to keep their chips secure.
did u miss the part where I said this is fixed in the A12 and intel chips have even worse security issues..
Score: 28 Votes (Like | Disagree)
farewelwilliams Avatar
58 months ago

Another reason why Apple Silicon is a horrible idea. Apple isn't ready, willing, or able to do the groundwork necessary to keep their chips secure. Get used to the Mac going from one of the most secure platforms out there to being ridden with horrible, unpatchable bugs and security exploits.

Patently false. Such a stupid comment. Apple sold over a billion iPhones (their core business) and you're saying they're not taking necessary steps to keep their chips secure? Sorry, but that's one of the most ridiculous things I've ever heard on this forum.
Score: 25 Votes (Like | Disagree)