The Secure Enclave, which is central to the security of Apple devices, is said to have a security flaw that cannot be fixed.
To secure them, the iPhone and iPad have had a special co-processor since the iPhone 5s, known as the Secure Enclave. According to reports, however, the Pangu team, which is known for jailbreaks, is now said to have succeeded in cracking this security chip. That shouldn’t actually be possible and would be a severe blow to Apple’s security concept. The chip is isolated from the rest of the system, stores the most sensitive data such as fingerprint data, Face ID data and encryption keys, and promises data security and secure Apple Pay. Apparently, this flaw makes it possible to access the Secure Enclave, which would even enable an iOS device to be decrypted.
What makes the discovery particularly explosive: the flaw is said to affect the so-called ROM of the Secure Enclave, a read-only memory that Apple cannot update. The flaw therefore cannot be corrected with an update, only, at best, by replacing the chip. The security chips in Macs are also said to be affected. Further details were not published, but apparently a bug in the chip’s integrated memory controller has been found.
However, there are apparently restrictions that put the risk into perspective: for example, a second vulnerability is needed for access, since the attacker has to get into the secured SecureROM or iBoot. On devices with an A7 to A11 chip (including iPhone XS and XR), for example, the checkm8 vulnerability could be used for this. But that already rules out many attack methods: as the expert axmx explained on Twitter, attacks via the browser or an app, for example, are not possible; the attacker needs access to the device itself and must connect a cable and be able to boot the device. Until the vulnerability is presented in more detail, one can only speculate. (Macworld)