Password recovery company Passware claims to have found a loophole in the T2 security chip, which is used in some Mac devices.
With this loophole, Passware can break into a password-locked Mac using brute force. The process is slow, however: even when the password is weak, it still takes at least 10 hours.
The brute force method has actually been unusable since Apple implemented the T2 chip in 2018. The chip acts as a "guard" that locks the Mac after the user enters a certain number of wrong passwords.
This chip is also what shut out Passware's brute force software. Without brute force, the only way past the T2's security is to crack its decryption key, which reportedly would take millions of years even with the most efficient methods.
Now, however, Passware claims to have a new module that can bypass the T2 chip's limit on wrong password attempts. Even so, guessing is far slower than it was before the T2 was in use.
By comparison, on a Mac without a T2 chip, Passware's software can guess tens of thousands of passwords every second. Even with the newly discovered loophole, it can guess only 15 passwords per second.
At that speed, a weak six-character password can be guessed in about 10 hours, provided Apple has not patched the loophole.
The procedure also has to be carried out with physical access to the machine, not remotely. The software works only on T2-equipped Macs that still use Intel processors. Macs with an M1 chip, meanwhile, remain impenetrable to Passware for now.
Passware itself says that it sells its software only to governments or private companies that can prove they have a legitimate reason to use it and will not violate the law in doing so.