Luca Todesco teases SEPROM code execution with checkra1n

Luca Todesco teases SEPROM code execution with checkra1n




Nearing the end of last month, the Pangu Team took the stage at MOSEC 2020 to discuss a plethora of interesting topics, one of which really stood out from the rest. We’re of course talking about the unpatchable hardware based SEPROM vulnerability that targets a device’s secure enclave processor (SEP).


It wasn’t long after the SEPROM vulnerability was discovered and notes about it were published that famous hackers like Luca Todesco of the checkra1n team began tinkering with it. In fact, it was only yesterday that Todesco Tweeted some particularly eye-catching photos of checkra1n integration on an iOS device and of a T2-equipped Mac running the vulnerability as shown by the Touch Bar’s OLED display:




According to Todesco, “all roots of trust in currently shipping T2 Macs are compromised.” But we knew this already because Todesco has been hacking the Mac’s T2 chip for quite some time now.


Adding fuel to the existing fire, Intel-equipped Macs now have SecureROM and SEPROM exploits to contend with, effectively handing full control of any modern Mac back to any user who is able to harness these exploits, as security researcher Will Strafach noted:





The potential ramifications are also evident. A fully compromised security system that was designed by Apple to keep information safe could and would allow a hacker to do basically whatever they wanted with a vulnerable machine’s data.


It’ ..

Support the originator by clicking the read the rest link below.