CheckM8 iCloud Activation Lock Bypass

Does the Apple T2 Chip Really Have a Security Flaw Which Can’t Be Patched?

A security researcher states that Apple T2 chips contain an unpatchable vulnerability that makes it possible for hackers to bypass a Mac’s disk encryption, firmware, passwords and so on.

Here is what Niels Hofmans from ironPeak says:

“The mini operating system on the T2 (SepOS) suffers from a security vulnerability also found in the iPhone X since it contains a processor based on the iOS A10 processor. Exploitation of this type of processor is very actively discussed in the /r/jailbreak subreddit.

So using the checkm8 exploit originally made for iPhones, the checkra1n exploit was developed to build a semi-tethered exploit for the T2 security chip, exploiting a flaw. This could be used to e.g. circumvent activation lock, allowing stolen iPhones or macOS devices to be reset and sold on the black market.

Normally the T2 chip will exit with a fatal error if it is in DFU mode and it detects a decryption call, but thanks to the blackbird vulnerability by team Pangu, we can completely circumvent that check in the SEP and do whatever we please.”

According to Hofmans, this vulnerability can’t be patched. At the same time, he says it’s not a “persistent vulnerability”. Hofmans’s claim means that a hacker would need a hardware insert, or some kind of “other attached component” such as a malicious USB-C cable, to take advantage of this vulnerability.

His report continues as follows:

Once you have access on the T2, you have full root access and kernel execution privileges since the kernel is rewritten before execution. Good news is that if you are using FileVault2 as disk encryption, they do not have access to your data on disk immediately. They can however inject a keylogger in the T2 firmware since it manages keyboard access, storing your password for retrieval or transmitting it in the case of a malicious hardware attachment.

The report also says that the Find My Mac feature for remotely locking Apple devices can be bypassed if your Mac is lost or stolen.

The blog also says that this vulnerability was reported to Apple more than once, but they did not respond. It looks like Apple isn’t going to release a public statement. Instead, chances are they will just develop a new, patched T2 chip for the next Macs. According to the report, the bottom line is that "macOS devices are no longer safe to use if left alone, even if you have them powered down." The checkra1n jailbreak and the checkm8 exploit are the tools used to brute-force a FileVault2 volume password, alter your macOS installation, and load arbitrary kernel extensions. Once again, the report emphasizes that physical access is the only way to accomplish that.

Another security expert, Will Strafach, responded to this post on Twitter to calm things down about this issue:

  • T2 is and has been vulnerable to checkm8, released in late 2019.
  • What is proven: with physical access to such a computer and time to reboot into DFU to apply checkm8, one can boot arbitrary code on the T2.
  • What is not proven: any sort of useful persistence. Property lists on the Data partition could be modified, which is not great, but there is no evidence yet that one can persist unauthorized code through a full and proper reboot.
  • There is a pretty big issue with the T2, but it seems important to gather precise facts about what is or is not a risk prior to putting info out there.

Strafach agreed with ironPeak that Apple should have responded to this issue somehow. This is what he said:

“Apple should have really said something by now. I think it is causing more confusion by not directly addressing the matter.”

Bypass Mac T2 Software: Activation Lock, MDM, EFI, PIN

The CheckM8 Dev Team has developed software for bypassing Activation Lock, EFI firmware, System PIN and MDM Lock on Mac devices with the Apple T2 Security Chip.

Unlock Software for iPhone, iPad, Mac

Remove iCloud Activation Lock Screen

Checkm8 is a reliable tool for remote iCloud Activation Lock Screen removal on iPhone & iPad running on iOS 12.4 up to iOS 14.3

Unlock Passcode Disabled iPhone & iPad

Checkm8 is ready to remove a passcode and unlock Disabled iPhone & iPad running on iOS 13 up to iOS 13.7

Bypass Mac Activation Lock Screen

Easily Bypass Mac Activation Lock Screen on your computer even if you forgot the correct Apple ID and password.

EFI Unlock Software

The CheckM8 tool provides a quick solution to remove Mac EFI security firmware (BIOS) password protection

iCloud PIN Passcode Unlock Software

Use CheckM8 Software to remove the iCloud System PIN passcode lock on a Mac T2 device in just 1 click!

Mac MDM Bypass Software

Unlock a MacBook remotely without the MDM key using CheckM8 Mac MDM bypass software.

FixM8 - The Ultimate Free iOS Utility

The FixM8 utility is designed for resetting an iPhone or iPad without the Apple ID (iCloud) password, updating iOS and iTunes to factory settings.

iActivate - iPhone & iPad MDM Bypass Software

This software is designed to bypass the MDM (Mobile Device Management) configuration profile on any iPhone & iPad running up to iOS 14.3
