OSVDB ID: 85942

Title: Apple Laptops TI bq29312 Battery Protection AFE Embedded Controller Default Password

Info

Disclosure

Jul 12, 2011

Discovery

Unknown

Dates

Exploit

Jul 12, 2011

Solution

Unknown

Description

By default, the TI bq29312 Battery Protection AFE Embedded Controller in multiple Apple laptops installs with a default password. The TI bq29312 Battery Protection AFE Embedded Controller has a default unseal password of 0x36720414 and a hardcoded default full access mode password of 0xffffffff. This allows attackers to trivially access the program or system and gain privileged access.

Classification

Location: Physical Access Required
Attack Type: Authentication Management
Impact: Loss of Integrity
Solution: Solution Unknown
Exploit: Exploit Public
Disclosure: Uncoordinated Disclosure

Solution

Currently, there are no known upgrades or patches to correct this vulnerability. It is possible to temporarily work around the flaw by implementing the following workaround: Change the default password.

Products

Apple Inc.

MacBook

Unspecified

MacBook Pro

Unspecified

MacBook Air

Unspecified

References

Credit

Unknown or Incomplete



Direct URL: http://osvdb.org/85942