Security researchers recently disclosed a vulnerability in Apple’s Secure Enclave processor, but while the data storage of sensitive information means that data, including Apple Pay details and Face ID biometric records, could be compromised by attackers, in fact, it is unlikely to be an issue for the vast majority of Apple customers.
On July 24th, at the MOSEC Mobile Security Conference in Shanghai, China, Xu Hao, a security researcher on the Pangu team, revealed a problem with Apple’s EnclaveSecure processor. The team found a vulnerability in the chip that Apple considered “unfixable.”
Secure Enclave consists of a hardware-based key manager that is isolated from the main processor and is used to hold highly sensitive data that users want to keep secret, usually related to security or payment. It also maintains the integrity of the system encryption operation, even if the kernel of the device operating system has been compromised.
Secure Enclave is an important part of the security of many Apple products, including iPhone 5s and beyond, iPad Air and Beyond, Apple Watch Series 1 and beyond, fourth-generation Apple TV, HomePod, and Macs with T1 or T2 security chips.
Although pangu’s team informed the conference of the existence of the vulnerability, but refused to provide many details, the team is likely interested in providing information to Apple in order to receive a lucrative bug bounty, or to a third party, for more money and for malicious purposes.
According to the MOSEC Weibo account, the vulnerability they found was not the one in the Secure Enclave processor itself. It’s a problem with a memory controller that controls the TZ0 register memory, which manages the memory usage range of the Secure Enclave processor.
By controlling the TZO register, an attacker can change the function of the memory-isolated system that shares memory between the SEP and the main processor. This, in turn, can be used as a viable use to obtain data that is normally viewed and used only by Secure Enclave, making it a security risk. The vulnerability, which is said to be a hardware vulnerability, is said to be not covered by Apple software updates because the issue involves the chip’s built-in read-only ROM.
For end users, while the Secure Enclave vulnerability may seem scary, it is unlikely to affect the average iPhone user. The only real reason is that most people wouldn’t be affected if government agencies or law enforcement confiscated their iPhones in an investigation or were hacked for political or corporate espionage reasons.