Security Architecture, Endpoint/Device Security, Endpoint/Device Security, Security Strategy, Plan, Budget, Incident Response, TDR, Threat Management, Threat Management, Endpoint/Device Security, Endpoint/Device Security, Endpoint/Device Security

New Macbook T2 chips prevent eavesdropping, Apple security updates

Apple’s latest lineup of Macbook includes a security feature to prevent threat actors from carrying out attacks on the device’s microphone that would allow them to eavesdrop on unsuspecting victims.

Apple’s new T2 security chip will be included in the new laptops announced Tuesday Oct. 30 and will protect the device’s encryption keys, storage, fingerprint data and secure boot features and physically cutts the device’s microphone from the rest of the hardware whenever the lid is closed.

“This disconnect is implemented in hardware alone, and therefore prevents any software, even with root or kernel privileges in macOS, and even the software on the T2 chip, from engaging the microphone when the lid is closed,” said the support guide.

The features don’t disconnect the camera however, because Apple said its “field of view is completely obstructed with the lid closed.”

Apple also released multiple security updates to alongside the announcements of its new product lineup.

The patches address vulnerabilities which could allow remote attacker could exploit some of these vulnerabilities to take control of an affected system.

Updates were released for Safari, ICloud for Windowsn iTunes, watchOS, iOs, tvOs, and Mac OSMojave.

The Safari vulnerabilities include two flaws in Safari Reader, one of which could enable a maliciously crafted webpage to carry out universal cross site scripting, arbitrary code execution, and denial of service attacks. Safari also included three WebKit flaws.

The macOS Mojave patch includes fixes for an afpserver bug which could allow a remote threat actor to AFP servers through HTTP clients and an AppleGraphicsControl flaw which could allow an application to execute arbitrary code with system privileges.

Users are encouraged to update their affected devices as soon as possible.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.