Security researcher Niels Hofmans (ironPeak) states that Apple's T2 chip contains an unpatchable vulnerability that lets an attacker with physical access bypass a Mac's disk encryption, firmware password and other protections.
“The mini operating system on the T2 (SepOS) suffers from a security vulnerability also found in the iPhone X since it contains a processor based on the iOS A10 processor. Exploitation of this type of processor is very actively discussed in the /r/jailbreak subreddit.
So using the checkm8 exploit originally made for iPhones, the checkra1n exploit was developed to build a semi-tethered exploit for the T2 security chip, exploiting a flaw. This could be used to e.g. circumvent activation lock, allowing stolen iPhones or macOS devices to be reset and sold on the black market.
Normally the T2 chip will exit with a fatal error if it is in DFU mode and it detects a decryption call, but thanks to the blackbird vulnerability by team Pangu, we can completely circumvent that check in the SEP and do whatever we please.”
According to Hofmans, the vulnerability cannot be patched, since it lives in the chip's boot ROM. At the same time, he says it is not a “persistent vulnerability”: an attacker needs physical access and a hardware implant, or some “other attached component” such as a malicious USB-C cable, to exploit it, and the compromise does not survive a reboot on its own.
Once an attacker has access to the T2, they have full root access and kernel execution privileges, since the kernel is rewritten before execution. The good news is that if you use FileVault2 for disk encryption, they do not get your on-disk data immediately. They can, however, inject a keylogger into the T2 firmware, because the T2 manages keyboard input, and store your password for later retrieval or transmit it through a malicious hardware attachment. In other words, FileVault2 protects data at rest only until the owner next types the password on the tampered machine.
The report also says that the Find My Mac feature, which lets owners remotely lock a lost or stolen Mac, can be bypassed.
The blog also says that the vulnerability was reported to Apple more than once without a response. Apple appears unlikely to release a public statement; more probably it will simply ship a fixed T2 chip in future Macs. The report's bottom line is that "macOS devices are no longer safe to use if left alone, even if you have them powered down." Using the checkm8 exploit and the checkra1n jailbreak, an attacker with access to the T2 can brute-force a FileVault2 volume password, alter the macOS installation and load arbitrary kernel extensions. Once again, the report stresses that physical access to the machine is required for any of this.
Another security expert, Will Strafach, responded to the post on Twitter to put the issue in perspective.
Strafach agreed with ironPeak that Apple ought to have addressed the matter by now:
“Apple should have really said something by now. I think it is causing more confusion by not directly addressing the matter.”
The CheckM8 Dev Team has developed software for bypassing Activation Lock, the EFI firmware password, the System PIN and MDM Lock on Mac devices with the Apple T2 Security Chip.