New Intel chip flaw threatens encryption, but Macs are safe

By Mike Peterson

A chip-level flaw in Intel-made silicon could render many of the chipmaker's security features useless, though recent Macs are safe.

While the vulnerability affects all recent Intel processors, 10th-generation CPUs and T1 and T2-equipped Macs are safe from it.

Inherent vulnerabilities in Intel chips have been a common theme over the past couple of years, with major flaws exploits like Meltdown, Spectre and ZombieLoad impacting virtually all Intel-equipped devices.

In 2019, security researchers at Positive Technologies discovered another issue with Intel chips. Specifically, it's a vulnerability affecting Intel's Converged Security Management Engine, a key security feature in Intel technology and firmware running on Intel hardware.

Along with loading and varying BIOS and power management firmware, CSME also provides the "cryptographic basis" for features such as Digital Rights Management (DRM) technologies, firmware-based trusted platform modules (TPMs), or Intel's own Enhanced Privacy ID.

Intel released a patch in 2019 to mitigate the issue, but researchers at Positive Technologies have found it to be much worse than originally anticipated. New research published on Thursday indicates that the vulnerability can be exploited to recover a root cryptographic key, potentially granting an attacker access to everything on a device's data.

That could be a major problem for DRM-protected media. Used offensively, the flaw could be leveraged to decrypt traffic inbound or outbound from the impacted device. On a larger scale, it could be used on Intel-based servers.

Though past Intel vulnerabilities have affected Apple devices, this flaw doesn't impact recent Macs equipped with an Apple T1 or T2 chip. Since those chips are based on first-party technology and boot before any Intel chips, a user's encryption keys are safe.

Of course, older Macs without a T-series chip -- or the present iMac lineup minus the iMac Pro -- may be vulnerable to the exploit, which could affect FileVault encryption. The flaw is unpatchable and Intel advises that users "maintain physical possession" of their devices as there is no way to use the attack vector remotely by clicking on a bad advertisement, for instance.

Intel points out that 10th-generation chips are safe from it, however. The vulnerability, and others like it, is also one of many potential reasons why Apple may soon move its Macs over to ARM-based processors.