A chip-level flaw in Intel-made silicon could render many of the chipmaker's security features useless, though recent Macs are safe.
Inherent vulnerabilities in Intel chips have been a common theme over the past couple of years, with major flaws exploits like Meltdown, Spectre and ZombieLoad impacting virtually all Intel-equipped devices.
In 2019, security researchers at Positive Technologies discovered another issue with Intel chips. Specifically, it's a vulnerability affecting Intel's Converged Security Management Engine, a key security feature in Intel technology and firmware running on Intel hardware.
Along with loading and varying BIOS and power management firmware, CSME also provides the "cryptographic basis" for features such as Digital Rights Management (DRM) technologies, firmware-based trusted platform modules (TPMs), or Intel's own Enhanced Privacy ID.
Intel released a patch in 2019 to mitigate the issue, but researchers at Positive Technologies have found it to be much worse than originally anticipated. New research published on Thursday indicates that the vulnerability can be exploited to recover a root cryptographic key, potentially granting an attacker access to everything on a device's data.
That could be a major problem for DRM-protected media. Used offensively, the flaw could be leveraged to decrypt traffic inbound or outbound from the impacted device. On a larger scale, it could be used on Intel-based servers.
Though past Intel vulnerabilities have affected Apple devices, this flaw doesn't impact recent Macs equipped with an Apple T1 or T2 chip. Since those chips are based on first-party technology and boot before any Intel chips, a user's encryption keys are safe.
Of course, older Macs without a T-series chip — or the present iMac lineup minus the iMac Pro — may be vulnerable to the exploit, which could affect FileVault encryption. The flaw is unpatchable and Intel advises that users "maintain physical possession" of their devices as there is no way to use the attack vector remotely by clicking on a bad advertisement, for instance.
Intel points out that 10th-generation chips are safe from it, however. The vulnerability, and others like it, is also one of many potential reasons why Apple may soon move its Macs over to ARM-based processors.
34 Comments
FileVault protection on older Macs is useless?
What do you say other than "Yikes"?
Yet another reason for Apple to ditch Intel for ARM as soon as it can, as the article states at the end.
Sure, but FileVault exists because you can't always guarantee physical security of your Macs.