Apple iMac Pro and Secure Storage
Duo's security team explores how the T2 coprocessor is being used by Apple and how it fits into the larger system security model, as well as how this may evolve in the future.
Pepijn Bruienne was formerly an R&D Engineer at Duo Security and a former long-time Mac Admin who recently made the jump from administering Macs to breaking them in order to better protect them for his employer's customers. Prior to that he worked for the University of Michigan as a senior Mac operations and development specialist, at Cengage Learning as a Senior Mac systems administrator and various other smaller Mac-based shops in a darker past. He has written a number of FOSS tools for Mac admins and contributed to a number of other projects as well.
Duo's security team explores how the T2 coprocessor is being used by Apple and how it fits into the larger system security model, as well as how this may evolve in the future.
The security research team at Duo known as Duo Labs has published a research paper on Apple’s EFI firmware security - learn more about their findings and recommendations, including a link to security tools developed to mitigate the risk. Get the full technical paper here.
An attacker can send phishing dialogs to users by writing a few lines of AppleScript, effectively allowing them to steal Apple ID or local user account credentials. Here’s our technical overview of the dangers of AppleScript.