Over the years, Apple has brought as a main security improvement to its devices the Secure Enclave chip that is responsible for encrypting and protecting all sensitive data stored on devices. However, According to the hacker group “Pangu”, found a permanent vulnerability in the Secure Enclave, which could put iPhone users' data at risk, iPad and even Mac.
Secure Enclave is a security coprocessor included in almost all Apple devices that provides an additional layer of security. iPhone devices, Mac, Apple Watch and other Apple devices have all stored data encrypted with random keys, accessible only by Secure Enclave. These keys are not synced with iCloud and are unique to each device.
Although the Secure Enclave chip is integrated into the device, Works completely separately from the rest of the system. This guarantees us that applications will not have access to your private keys, since they can only send requests to decrypt specific data.
This does not mean that hackers do not find vulnerabilities related to Secure Enclave. In 2017, There was already a group that managed to decipher its firmware to explore how the component works. However, Could not access private keys.
Now, The Chinese Hacker Team “Pangu” you have found an exploit with no solution, or, In English, “Unpatchable”, which could lead to breaking the encryption of the private security keys contained in the chip.
Although there are currently no details on what exactly attackers can do with this specific vulnerability, Full access to the coprocessor could mean access to passwords, Credit cards and more. The only thing that is known is that this vulnerability affects all Apple chips between the A7 and A11 Bionic.
Apple has already fixed this security gap with the A12 and A13 Bionic chips, but there are still millions of Apple devices running on Aion Bionic chips or older that could be affected by this vulnerability.