OSVDB ID: 85942

Title: Apple Laptops TI bq29312 Battery Protection AFE Embedded Controller Default Password

Info

Disclosure

Jul 12, 2011

Discovery

Unknown

Dates

Exploit

Jul 12, 2011

Solution

Unknown

Description

By default, the TI bq29312 Battery Protection AFE Embedded Controller in multiple Apple laptops installs with a default password. The TI bq29312 Battery Protection AFE Embedded Controller has a default unseal password of 0x36720414 and a hardcoded default full access mode password of 0xffffffff. This allows attackers to trivially access the program or system and gain privileged access.

Classification

Location: Physical Access Required
Attack Type: Authentication Management
Impact: Loss of Integrity
Solution: Solution Unknown
Exploit: Exploit Public
Disclosure: Uncoordinated Disclosure

Solution

Currently, there are no known upgrades or patches to correct this vulnerability. It is possible to temporarily work around the flaw by implementing the following workaround: Change the default password.

Products

Apple Inc.	MacBook	Unspecified
	MacBook Pro	Unspecified
	MacBook Air	Unspecified

References

Credit

Unknown or Incomplete

Direct URL: http://osvdb.org/85942

Info

Disclosure

Discovery

Dates

Exploit

Solution

Description

Classification

Solution

Products

Apple Inc.

MacBook

MacBook Pro

MacBook Air

References

Credit