[acolumb]

There is a team taking advantage (jailbreaking on iOS) of the security flaw in all A-series chips up to A11 in the hardware-level bootloader. The T2 in your 2018 or newer Mac is a variant of the A10.

The bootROM flaw allows for an exploit that can only be executed with physical access, another Mac and DFU mode. It's not persistent.

The main use of this exploit was to install unsigned code on iOS devices (jailbreaking.) The team is doing it for free, however many contributors take advantage of Apple's bug bounty program for income, therefore making newer devices more secure.

[aunali1]

I would say it is persistent enough to be malicious. The T2 does not reboot, with the exception occuring during a DFU restore, extremely drained battery, or firmware update. With that in mind, a party intending harm would have more than enough time.