The T2 chip itself (runs bridgeOS which is like watchOS) do. It is used only to recover the firmware of the T2, AFAIK it can't be used to write to the SSD directly.
The checkra1n team recently showed that all Macs with a T2 chip are vulnerable to checkm8 exploit used to jailbreak iPhones, and this could persist for a while due to the T2 chip staying on between application processor reboots.
This allows override of mic disconnect (except on the newest models which switched to hardware disconnect), Secure Boot/Firmware Password, and allows you to bypass Apple's signing of Intel ME firmware, TB3 firmware, and CPU microcode. Whether or not there is still Intel signing after that is unknown, but there are already some sort of issues with the host key being leaked on that. The one useful feature I can think of is allowing SSD replacement (you still have to find a way to resolder ofc) and Touch Bar customization.
I think the most likely attack vector for this is an evil maid style attack where corrupted T2 firmware is loaded that rewrites the contents of the SSD while macOS is running to launch further exploit code on that platform.
The one thing not to worry about is if you have FileVault turned on with a password, that still can't be cracked because your password is not stored anywhere on the device. But the BitLocker-style automatic encryption with no password that just locks the SSD to that specific T2 chip isn't useful anymore.
hi, thank you for posting this. I was fascinated by the checkm8 exploit since I read about it last September. Completely unknown to me was that T2 Mac's were also vulnerable to this. With all the vulnerabilities that are now open due to this, i'm questioning was it even worth ever putting these chips inside Macbooks? In retrospect, would they have been better off just scrapping this idea completely? Because the way you put it, due to the checkm8 exploit the T2 is now practically useless in everything it was originally meant to do.
The checkra1n team recently showed that all Macs with a T2 chip are vulnerable to checkm8 exploit used to jailbreak iPhones, and this could persist for a while due to the T2 chip staying on between application processor reboots.
This allows override of mic disconnect (except on the newest models which switched to hardware disconnect), Secure Boot/Firmware Password, and allows you to bypass Apple's signing of Intel ME firmware, TB3 firmware, and CPU microcode. Whether or not there is still Intel signing after that is unknown, but there are already some sort of issues with the host key being leaked on that. The one useful feature I can think of is allowing SSD replacement (you still have to find a way to resolder ofc) and Touch Bar customization.
I think the most likely attack vector for this is an evil maid style attack where corrupted T2 firmware is loaded that rewrites the contents of the SSD while macOS is running to launch further exploit code on that platform.
The one thing not to worry about is if you have FileVault turned on with a password, that still can't be cracked because your password is not stored anywhere on the device. But the BitLocker-style automatic encryption with no password that just locks the SSD to that specific T2 chip isn't useful anymore.