by tumult 1949 days ago
Any news about the T2 chip ending up being a way to silently implant malware in all Intel-based Macs that have it? Refunds? Replacements? Anything? Bueller? https://arstechnica.com/information-technology/2020/10/apple...

I don't really know why anyone would take Apple's hardware security claims at face value after this.

edit: more links, though they're all pretty similar.

https://www.wired.com/story/apple-t2-chip-unfixable-flaw-jai...

https://appleinsider.com/articles/20/10/05/apples-mac-t2-chi...

https://www.zdnet.com/article/hackers-claim-they-can-now-jai...

https://www.theregister.com/2020/10/08/apple_t2_security_chi...

edit 2:

If this is wrong, I'd like to know the truth! Really! Was it a hoax? Is there a patch? What happened?

2 comments

What is really egregious is that Apple still touts the T2 security benefits on their site and completely ignores the fact that it can be compromised. This in fact does make it harder to take Apple's hardware security claims at face value knowing what they know about T2 vs what they put out in their resources.
Apple silicon Macs are not vulnerable.
OK. But what about the Intel Macs they sold to millions of people, with the claim that they had hardware security that instead turned out to be a liability? Why should anyone believe the M1 Macs won't end up the same way? That seems pretty relevant to me. Do they take this seriously, or are they just posturing?
Consumer protection doesn't apply to broad statements like "secure". Just because a Kwikset advertises "For use on exterior doors where keyed entry and security is needed" doesn't mean you're entitled to a refund if someone picks it, even if Kwiksets are usually seen as low-security locks.

https://www.kwikset.com/products/detail/780-deadbolt-keyed-o...

Yes, that's why I'm saying the people need to pay attention to the track record of the organization and their past credibility.
> Refunds? Replacements? Anything? Bueller?
Their track record includes their responses to issues like these. If they ignore it, that's worse than trying to rectify it or address or mitigate its severity.
“Why should anyone believe..” Vulnerabilities are found constantly, that’s a feature, not a bug. Apple has earned a decent amount of respect in this area. They have also earned a healthy verification of whatever security claims there are, due to some pretty high-profile bugs.
If you're talking about the iPhone, yes. But they lost a bunch with their desktop computers with this unaddressed, apparently very real problem. Unless there is some news and it turned out to be a hoax? But it seems real.
It does not reduce the security level to at or below the one of any regular PC.

The bootrom bug requires DFU and physical access to be triggered, which is already game over on most systems. Apple also doesn’t solely rely on measured boot for the encryption keys (unlike default BitLocker configuration with TPM).

It was specifically a selling point of these computers. One of the headlining features. (As I said in my earlier comment, "with the claim that they had hardware security")